Vendor Violations

vv-spoof

Detective Cy was in her office organizing case files and nursing a cup of coffee when the phone on her desk began to ring. Upon answering it, a concerned voice cried out from the other end.

Eric, the accounts manager for a local school, was receiving past due notifications from their construction vendor. In total, they were requesting payment for over five million dollars! Yet, he knew for certain that the vendor had already been paid; he even had the receipts!

Cy thought for a moment, asking if there could have been a processing error with the bank. Eric said that was unlikely, as he had already contacted the bank and the transactions seemed valid. Cy drank the last of her coffee and swallowed hard. To solve this case she would need to see the evidence in person.

At the school, Eric brought Cy to his office and led her to his computer. She asked Eric to describe when the payment requests began, to which he replied three months ago. She quickly reviewed every email from the vendor over the past year, comparing them side by side. They looked almost identical… except for one small detail!

Cy hovered the cursor over the payment link from the beginning of the year, and then compared the URL to the one in Eric’s most recent emails. While the link looked the same, the actual URL was different! She explained that a hacker had likely gained access to the vendor’s email system and began redirecting payments by changing account and routing numbers.

Cy told Eric to contact the bank as quickly as possible. With this new information, he could file a fraud claim and possibly restore the stolen money. Eric agreed that he would do just that, and promised to inspect every aspect of an email before clicking potentially dangerous links in the future!

Lessons Learned:

  • Never respond to or click on links provided in emails without confirming the source.
  • Never click on or download any attachments coming from an unknown email address.
  • Always hover over links in an email to ensure the URL is legitimate.
  • If the email is from a vendor, make sure the address matches any emails you may have received from them in the past.
  • Verify the identity of person you are emailing. You can do this by composing a separate email to that person or calling them directly and asking for confirmation.

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

MOre POSTs

Education
Detective Cy

The Sticky-Note Scandal

Detective Cy was busy reading over the details of her most recent case when the phone began to ring. Gina,

28 Worlds Fair Drive
Somerset NJ 08873

© 2020 D2 Cybersecurity   All rights reserved   Privacy

To learn how we can help, get in touch with our Sales Team