WARNING: Business scam/spoof email requested payment of just under £10,000

DO NOT PAY ANY MONEY! IT IS A SCAM!

Screenshot: Spear Phishing / Whaling Scam email

Quick heads up to anybody searching for information about this. As of 24th January 2018 there appear to be an influx of emails to businesses around the UK trying to trick the accounts department into paying large sums of money to a new beneficiary.

The body of the email is short and to the point:

I need you to process a “Faster Payment” to a new beneficiary, can you handle this right now?

Payee details attached.

Regards

<Director’s Name>

Sent from my iPhone.

The emails generally appear to come from the name of a company director and the email address may look legitimate but the hidden “reply to” address is different and the contents of the email and attachment are a scam. The reply to email address is subtly changed and instead of .co.uk on the end of the email address it’s .co.uk-k.uk which a lot of people might not notice, especially on a small smart phone screen that truncates text.

My accounts department (i.e. me) recently received such an email. It appears to have come from an employee I do not have and the attacment is a spoof Lloyds TSB payment details page requesting £9,855.00 with UK BACS details included.

Payment Details Lloyds Bank Plc Henry Duncan House, 30 George Street, Edinburgh EH1 4LH Total due £9,855.00 Payee Name Samantha Parkin Bank Name Lloyds Bank Plc Account Number 10261784 Sort Code 30-64-24 Sub-total (Exc. VAT) Total Inc VAT Balance Due Amount ( GBP ) £9,855.00 0,00 £9,855.00 £9,855.00 Plus VAT (20%) The contents of this invoice and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this invoice in error please notify the the sender immediately and do not disclose the contents to anyone or make copies.

The email sign off includes “Sent from my iPhone” which is probably to help make the otherwise short email seem legitimately like it was typed on an iPhone from the Director.

The amount varies, some have been £9,945.00 some £9,855.00 but they always seem to keep it below £10,000 which is presumably to stop it requiring second authorisation or flagging up on any bank system checks.

The hidden internet headers show the source of the original message:

Received: from vps167794.vps.ovh.ca (unknown [158.69.192.239])
by cust-smtp-auth4.fasthosts.net.uk (Postfix) with ESMTPA id 6568F7435EF

If you receive a similar email please report it to ActionFraud immediately who can then take action to freeze the bank accounts and try and trace the criminals behind it.

You can also find more information on this here and here.

Update 21/02/2018 – another scam email received

Three weeks after my initial scam email was received, I have just received another almost identical whaling/spear fishing scam email.

Subject: Faster payment

Body:

I nеed you to mаkе а “Fastеr Paуment” for a new vеndor.
Pаyее details attachеd.

Rеgards

<faked name>

Sent from mу iPhone.

Payee Details this time were:

Payee Name Jasmine Brooks
Bank Name Lloyds Bank Plc
Account Number 10250163
Sort Code 30-64-13

Lloyds TSB scam bank details
Screenshot: Spear Phishing / Whaling Scam email
Scoopz :Creator of http://blog.scoopz.com Computer Nerd with a bias towards anything and everything Apple. Petrol head with a 5.0L V10 507bhp 205mph car...and a plug-in hybrid BMW i8...and a 2.0L 25yr stripped out, rolled caged car for the track too. Owner of a giant Bernese Mountain Dog. Proud to be an all-round geek!