Further to a previous scam.. an admin assistance this morning had an e-mail claiming to be from the CEO of the company.
The e-mail chain went as follows (names and domains redacted for privacy):
19 December 2016 at 14:01
Subject: INVOICE 277
Adam REDACTED <hon22@inbox.lv>
To: Tanya@REDACTED.co.ukTanya
How much does the bank charge for chaps payment
Regards
Adam REDACTED
sent from my iPad
19 December 2016 at 14:14
Subject: INVOICE 277
Tanya Taylor <tanya@REDACTED.co.uk>
To: Adam REDACTED <hon22@inbox.lv>£25
Tanya
19 December 2016 at 14:28
Subject: INVOICE 277
Adam REDACTED <hon22@inbox.lv>
To: Tanya REDACTED <tanya@REDACTED.co.uk>Tanya
Please make a faster payment of £10,560 to this account,
Beneficiary Name : Firetail Limited
Address:6 Motley Avenue
London EC2A 4SU
Phone: +44 (0) 207 148 0910Email: info@firetail.co.uk
sort code: 777406
account: 23102260
Let me know once this transfer is completed.
Regards.
Adam REDACTED
sent from my iPad
As always – be aware of any kind of scam. Emails claiming to be invoices, emails claiming your Amazon account has been suspended.. and emails asking for payment to be made. It is always worth spending a few minutes to contact the sender directly to ensure that the request is genuine. In this case it is fairly easy to spot as the scammer is using “hon22@inbox.lv” which isn’t anywhere near the domain name of the victim company.
However – often senders get their email accounts hacked… so just because it came from a genuine email address does not mean the request is genuine.
The scammer seems to be using inbox.lv webmail and the e-mail headers give away that they are using Firefox 50.0.
They seem to be hiding behind a VPN or VPS given the amount of abuse associated with the IP. The IP used to submit the messages was:
146.185.31.214 – “92b91fd6.rdns.100tb.com”
thecomputerperson 