It seems many people dealing with foreign trade business inboxes are flooded with phishing emails in recent years, including Tom’s, working in the rechargeable massager industry for over 20 years, he never had such an awful experience before.
Aug. 02
Tom sent PI of scar tissue massager to his customer Z to arrange payment after scar vibration tool sample was approved on Aug. 1st.
Z doesn’t prefer to pay via Paypal, so he required to offer massager vendor’s company official bank account. Tom re-sent PI with Citibank information.
Z replied that he’d arrange a transfer on Aug. 05 and they added each other’s WhatsApp.
Aug. 08
Z sent a message via whatsapp: “Tom, I got your email. could you change your bank information on our massager contract to Citibank? See the screenshot.”
Tom couldn’t put his finger on the meaning of this email.
He scratched his head:
“What? our bank is already Citibank, did our bookkeeper change bank information and didn’t inform me? I’d ask her”
He just replied: ”ok, I will update soon.” (Tom had no idea that the scammer has already supervised their email and changed bank information)
Aug. 09
Tom got the information for his bookkeeper that she never changed bank information.
At the moment, a message from Z on Whatsapp popped up again: “Tom, why still haven’t changed your bank information, you will be responsible for the delayed shipment of our scar massagers!”
Tom’s heart thumped and cursed: “Bastard, dirty hacker!”
He texted Z immediately: “I didn’t send email to you yesterday, please show me the screenshot. The photo from Z made him almost fall off his chair!
Sure enough, the cheater used his signature, the same email (Mailbox suffix is different but few people ever noticed it) to send a fake booty plug PI to Z, the recipient bank was X Industrial Bank.
Fortunately, Z asked him on whatsapp, because Tom couldn’t get his email (the scammer intercepted it).
This is the first time he encounters the scam, hard to calm down inside, he has an impulse to report to police. But other people’s experience turned out to be it’s very tough to find the cheater’s whereabouts.
Self-reflection Conclusion:
- The scammer got the chance this time maybe because Tom used the network in public places or hit the phishing links;
- He’s weak at keeping vigilance, never expecting this kind of thing would happen to himself;
- Add the following text to the email signature:
If any payment details changed, we will inform you by phone call or Whatsapp. If not, please don’t take any action.
- Change his email password every month.
Hope this article is helpful to everyone.