Anatomy of a Scam: Why Personal Client Relationships Matter
Catching a Convincing Scammer
I received a series of emails from a client requesting a $65,000 wire transfer for a payment on a condominium unit in Japan. At first read, the message seemed like a plausible request. The email was addressed to me, referenced specific account types that the client holds with us, asked about the fed funds wire transfer fee, and was signed in the client’s common name.
As with all such requests, I immediately called the client to verify. He informed me that he had made no such request, and was surprised to learn that the request had been sent from his email account. As it turned out, his Hotmail account had been hacked, and some nasty people in some foreign country were trying hard to gain access to his accounts.
What made this attempt particularly disconcerting is that, under certain circumstances I could see how it might work. The hackers had clearly read through enough of the communications to do a reasonably good job of impersonating the client, and I fully believe they would have provided a letter of authorization with the wiring instructions and a forged client signature.
However, at a larger, less personal institution, it is easy to see how the initial email might cause the recipient to let his/her guard down and process the request without making direct verification or to accept the request based upon an incoming call from the scammers. Our policy is to always verify by outgoing telephone call and we strive to know all of our clients well enough to recognize their voices.
For reference, the full text of the scammer’s initial message is provided below:
"John, We need to pay off a condo instrumentally for a family holiday in Japan, i would like a wire transfer to be sent to Japan at your earliest if possible can be done today? we will require the cash available in our trust accounts, and let me know if a wire transfer can be sent to Japan today/tomorrow and how much will a fed wire transfer cost. Please let me know this status."
As you can see, the email contained a number of typos and grammatical errors, but could have been sent hastily from an iPhone. The message did contain a couple of red flags in the use of the word “holiday” instead of “vacation” and the odd choice of “instrumentally”. The bottom line is that scammers/hackers are getting more clever and devious. A strong personal relationship with one’s financial planner can be a good line of defense. I would like to think it would be difficult for a scammer to get through me.