Smart About Money: Phishing scams hit close to home

By Nick Maffeo

In February, the Boston Herald reported that the town of Tewksbury had lost $100,000 in a phishing scam.

According to the Herald, the Tewksbury town manager said an employee had received a seemingly legitimate email from a regular vendor seeking payment via wire transfer. Apparently the payment request was not red-flagged as “unusual” because Tewksbury does pay some vendors via wire transfer.

Unfortunately, Tewksbury officials discovered quickly — but too late — that this time the email was spoofed to appear to come from the vendor.

It’s a sad story that is all too common — an email request for a wire transfer looks legitimate but it’s not.

About the same time, phishing scammers targeted youth hockey programs around the state, including Canton Youth Hockey.

As it so happens, I am currently the president of Canton Youth Hockey. One afternoon the members of my board received an oddly worded email that was supposedly from me. The email said I had a “request” I needed them to “handle discreetly.” They were instructed not to call but to reply to the email.

It was all a spoof! While the sender’s address seemed to be from me, the “reply to” address was a completely different, anonymous Gmail address.

Luckily in this case, several members of the CYH board thought it sounded fishy, so they called me before responding to the email. I was able to confirm that it was not from me and we immediately reached out to the other members of the board to alert them.

In both scams, the thieves used familiarity to make the victims feel comfortable responding without confirming (Tewksbury) or feel like they were helping a colleague or friend (CYH).

Business banking customers absolutely need to have strong internal wire transfer procedures in place with multiple-factor confirmation and authentication to be sure a transfer request is genuine.

If you’re not sure what that needs to include for your business, talk to your bank, your accountant, or an independent computer security specialist.

(It’s not clear why Tewksbury did not have a strong verification procedure in place. Presumably they will have one going forward.)

Phishing scams are increasingly targeting local groups and individuals as well. You have to be prepared to recognize messages that sound “off” and be ready to handle all incoming messages — email, phone, text — in ways that will keep you from becoming a victim.

In the case of the Canton Youth Hockey scam attempt, the people involved had a healthy skepticism. They did not respond to the email immediately, and, most importantly, they did not follow the instructions for “secrecy” in the email. They reached out on a completely different channel — by phone — and spoke to the supposed sender to confirm/verify. Exactly right!

Any message that involves secrecy is probably a scam. Any request or demand for gift cards is 100 percent guaranteed to be a scam. Take it slow if you get such a message. Take it easy, no matter how alarming a message seems to be. Show the message to other people you can trust to stay calm. Feel free to call your bank or just call the police.

Your phone is a powerful tool that you can use to protect yourself by reaching out to people who can help you determine what you’re dealing with. If it’s a “fishy” message, chances are very good that it’s a scam.

Nick Maffeo is the President and CEO of Canton Co-operative Bank in Canton. Have a question? Email to submissions@cantoncitizen.com.

Posted on Apr 22 2022. Filed under Featured Content, Opinion, Smart About Money.