DO NOT PAY ANY MONEY! IT IS A SCAM!
Quick heads up to anybody searching for information about this. As of 24th January 2018 there appears to be an influx of emails to businesses around the UK trying to trick the accounts department into paying large sums of money to a new beneficiary.
The body of the email is short and to the point:
I need you to process a “Faster Payment” to a new beneficiary, can you handle this right now?
Payee details attached.
Regards
<Director’s Name>
Sent from my iPhone.
The emails generally appear to come from a company director, and the email address may look legitimate, but the hidden “reply to” address is different and the contents of the email and attachment are a scam. The reply-to email address is subtly changed: instead of .co.uk on the end of the email address it’s .co.uk-k.uk, which a lot of people might not notice, especially on a small smartphone screen that truncates text.
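A small check for the From / Reply-To trick described above, as an added example that is not part of the original post. The domain example.co.uk is a stand-in for the company's real domain, the function names are hypothetical, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr


def domain_of(header_value):
    """Lower-cased domain part of the address in a From or Reply-To header."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify_reply_to(raw_message):
    """Return 'ok', 'mismatch' or 'lookalike' for the From / Reply-To pair."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if not reply_dom or reply_dom == from_dom:
        return "ok"  # replies go back to the visible sender
    # Lookalike: the genuine domain reused as the start of a longer name,
    # e.g. example.co.uk -> example.co.uk-k.uk
    if from_dom and reply_dom.startswith(from_dom) and reply_dom[len(from_dom)] in "-.":
        return "lookalike"
    return "mismatch"


# Constructed samples; example.co.uk stands in for the company's own domain.
SCAM = """\
From: A Director <director@example.co.uk>
Reply-To: A Director <director@example.co.uk-k.uk>
Subject: Faster payment

I need you to process a "Faster Payment" to a new beneficiary.
"""

GENUINE = """\
From: A Director <director@example.co.uk>
Subject: Board minutes

Minutes attached.
"""

# Same message, but replies diverted to an unrelated (constructed) domain.
OTHER = SCAM.replace("example.co.uk-k.uk", "mailbox.example.net")

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("genuine", GENUINE), ("other", OTHER)):
        print(name, classify_reply_to(raw))
```

A plain 'mismatch' also occurs with mailing lists and helpdesk systems, so treat it as a prompt to verify the request by another channel rather than as proof of fraud.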
My accounts department (i.e. me) recently received such an email. It appears to have come from an employee I do not have and the attachment is a spoof Lloyds TSB payment details page requesting £9,855.00 with UK BACS details included.
The email sign off includes “Sent from my iPhone” which is probably to help make the otherwise short email seem as if the Director genuinely typed it on an iPhone.
The amount varies: some have been £9,945.00, some £9,855.00, but they always seem to keep it below £10,000, which is presumably to stop it requiring second authorisation or flagging up on any bank system checks.
The hidden internet headers show the source of the original message:
Received: from vps167794.vps.ovh.ca (unknown [158.69.192.239])
by cust-smtp-auth4.fasthosts.net.uk (Postfix) with ESMTPA id 6568F7435EF
If you receive a similar email please report it to ActionFraud immediately; they can then take action to freeze the bank accounts and try to trace the criminals behind it.
You can also find more information on this here and here.
Update 21/02/2018 – another scam email received
Three weeks after my initial scam email was received, I have just received another almost identical whaling/spear phishing scam email.
Subject: Faster payment
Body:
I nеed you to mаkе а “Fastеr Paуment” for a new vеndor.
Pаyее details attachеd.Rеgards
<faked name>
Sent from mу iPhone.
Payee Details this time were:
Payee Name Jasmine Brooks
Bank Name Lloyds Bank Plc
Account Number 10250163
Sort Code 30-64-13
Update 14/03/2018 – another scam email received
It looks like I’m on a list and they’re stupid enough to continue trying to scam me. I’ll keep updating this post every time I receive a spear phishing email to make sure the account number and sort code are indexed by Google and hopefully prevent somebody losing money if they Google the details.
Pleasе hаndlе а £8,625.00 fаster pаymеnt in favour of the new contrасtor.
Sort сodе: 30-61-22
Aсc. number: 10434154
Beneficiary: Heidi Smith
I will forwаrd thе раperwork onсe i’m lеss busy.
Leavе a rеply once done or if уou get anу problеm whilе sеtting it uр.
Rеgards
XXXXXXXXXX
Sеnt from my iPhone.
As of June 1 they are still coming – this time with an HSBC-branded attachment, using the same Lloyds Bank branch address and different name and account numbers.