Vendor Violations

vv-spoof

Detective Cy was in her office organizing case files and nursing a cup of coffee when the phone on her desk began to ring. Upon answering it, a concerned voice cried out from the other end.

Eric, the accounts manager for a local school, was receiving past due notifications from their construction vendor. In total, they were requesting payment for over five million dollars! Yet, he knew for certain that the vendor had already been paid; he even had the receipts!

Cy thought for a moment, asking if there could have been a processing error with the bank. Eric said that was unlikely, as he had already contacted the bank and the transactions seemed valid. Cy drank the last of her coffee and swallowed hard. To solve this case she would need to see the evidence in person.

At the school, Eric brought Cy to his office and led her to his computer. She asked Eric to describe when the payment requests began, to which he replied three months ago. She quickly reviewed every email from the vendor over the past year, comparing them side by side. They looked almost identical… except for one small detail!

Cy hovered the cursor over the payment link from the beginning of the year, and then compared the URL to the one in Eric’s most recent emails. While the link looked the same, the actual URL was different! She explained that a hacker had likely gained access to the vendor’s email system and began redirecting payments by changing account and routing numbers.

Cy told Eric to contact the bank as quickly as possible. With this new information, he could file a fraud claim and possibly restore the stolen money. Eric agreed that he would do just that, and promised to inspect every aspect of an email before clicking potentially dangerous links in the future!

Lessons Learned:

  • Never respond to or click on links provided in emails without confirming the source.
  • Never click on or download any attachments coming from an unknown email address.
  • Always hover over links in an email to ensure the URL is legitimate.
  • If the email is from a vendor, make sure the address matches any emails you may have received from them in the past.
  • Verify the identity of person you are emailing. You can do this by composing a separate email to that person or calling them directly and asking for confirmation.

Share this post

MOre POSTs

Municipality
Detective Cy

The Gift Card Grift

Hello all, Detective Cy here! Did you know that there has been a significant increase in cyber-attacks since the beginning

Education
Detective Cy

The Suspicious Student

Hello everyone, Detective Cy here with another lesson on staying cyber safe! While most people know to keep their password

Municipality
Detective Cy

Water Treatment Trouble

Hey all, Detective Cy here again! While doing some research on cybersecurity crimes, I recently discovered that the number of

Education
Detective Cy

The Harmful Homework

Hello everyone, Detective Cy here with another lesson on staying cyber safe! Did you know that even if an email

Education
Detective Cy

The Unexpected Encryption

Detective Cy was in her office researching why so many attacks have been happening recently when she received a call.

Credential Copy Crisis
Municipality
Detective Cy

The Credential Copy Crisis

Hello readers, Detective Cy here! Did you know that using the same password for all of your accounts drastically increases

The Vexatious Vendor
Education
Detective Cy

The Vexatious Vendor

Greetings everyone, Detective Cy’s back again! Did you know that many attempts to steal your private information are hiding in