In the headlines we read about huge companies suffering cyber-attacks, law firms in the US getting hit by ransomware, and so on, but many of us really believe it won’t happen to us – we’re too small to be targeted, our information wouldn’t be of value etc.
Unfortunately, this simply isn’t true; any one of us can be a victim, with devastating effects.
This is the true story (apart from the names) of how criminals syphoned off thousands of pounds from a local home-based micro-business.
Just yesterday morning the business owners (who we’ll call Jack and Jill in this article) received a text from their bank to advise them that their account had ‘insufficient funds’ to pay standing orders and pending transactions.
Jack was puzzled; this simply didn’t make sense, as he hadn’t made any purchases, or forgotten to transfer the usual drawings – what was going on? On checking the account balance, Jack and Jill found out to their consternation that it wasn’t just empty, but was significantly overdrawn, with large sums of money paid out. The only factor preventing the picture being even worse was that the Bank’s ‘Unauthorised Overdraft’ limit was stopping any further withdrawals, hence the text alert.
Panic set in; how on earth could this happen? Where had the money gone? Was it a bank mistake, and would they ever get it back?
For such a small business this was a huge blow; they’d personally worked so hard, all their lives, for every penny, and now it had simply gone.
Jack quickly telephoned the bank, who then asked him a lot of questions as to who they’d been in contact with, and what had been said, and very quickly the bank’s Fraud Team were investigating.
It then transpired that Jack and Jill had become really frustrated with their slow internet connection, and had recently changed to a very well-known national provider from their original ‘budget’ supplier.
When someone telephoned the office stating they were from the new provider, it sounded genuine; Jack and Jill’s service had recently switched, but there were definitely ongoing problems.
The caller was sympathetic, and suggested that by connecting to Jill’s computer he would be able to investigate. So far, so good – it just needed a website accessing, and a few support codes, and he was logged onto their system to make some ‘necessary changes’ that would resolve the issues they were experiencing. The only snag was, it didn’t actually improve the internet speed.
But a good provider that costs more money, and prides itself on excellent service, wouldn’t leave a customer dissatisfied, would they?
The ‘technician’ telephoned again, determined to resolve the ‘problem’ and, as before, connected to the computer to investigate further – and this pattern had continued for over a month, and still no improvement in the internet speed.
Jack and Jill really weren’t happy with this new provider; the internet was still slow, and while the new provider seemed to be trying hard, it definitely wasn’t what they had expected from a long-established and leading supplier.
Then the text arrived from the bank …
There wasn’t actually a problem with the internet connection, and Jack and Jill had been targeted by criminals who used a very simple, but plausible, cover story. (A very common reason for switching broadband providers is to get a better service, so if the anticipated improvements aren’t experienced surely it makes sense that a ‘technician’ would need to connect to my computer to find out why …)
The criminals had actually had a field-day – over the course of the month they’d been able to rummage through Jill’s computer, discover passwords, work out their bank accounts and just watch what happened – and by the end of the month they probably knew nearly as much about Jack’s suppliers and customers as Jack and Jill did.
Not only did the criminals manage to empty their account over the weekend, they also set another trap that even took the bank by surprise.
The criminals knew that the bank would likely realise that Jack and Jill had been defrauded, and would quickly reinstate the stolen funds whilst investigating the fraud – so the criminals set up bogus standing orders that would take effect a few days later … and the account was overdrawn again.
Still thinking this was obvious? Of course, you wouldn’t fall for it; someone pretending to be an engineer, and needing to access your computer? No way they’d catch me out …
These criminals know how to trick you into doing things that you wouldn’t normally do, and they take advantage of you getting stressed. They introduce urgency and make you flustered, but at the same time appear to be genuinely caring and concerned. They will brazenly lie, cheat, and con their way into your confidence and think nothing of leaving a trail of devastation, and of besmirching another business’s reputation.
Remember to take 5 minutes, to think, to question, to check, and more than anything remember it could happen to YOU.
If in doubt – ask for their name, and advise the caller that you’ll phone them back via the company main switchboard number (and not the number they will give, or are showing on Caller Display) and ask to be put through – and then verify the correct number from paperwork or another trusted source!
Or, just hang up on them!