Gee and Watson

FRAUD ALERT! VERY IMPORTANT. PLEASE READ.

Fraudulent attempts to use emails to dishonestly extract significant sums of money from individuals are rife. If you have not yet been the subject of an attempted scam to relieve you of monies, then the likelihood is you will be targeted at some point.

Often, attempted scams are easy to detect as the email is unprofessionally worded and/or the grammar and spelling used are particularly poor.

However, one of our clients was recently targeted by a fairly sophisticated approach. We wish to share the facts with you so that you will be better placed to detect such attempts if they are directed at you.

Forewarned is forearmed and your financial wellbeing is very important to us.

Background

As pretty much anyone with an email address knows, there are often emails purporting to be from a bank or other institution to trick the unaware into giving over sensitive information such as passwords, account numbers etc. Often, they are quite obvious by their bad formatting, spelling mistakes, etc. This is called "phishing".

However, there is a more insidious form called "spear phishing". This is more targeted towards the recipient, even including personal information, and looks better crafted, i.e., better formatting and fewer spelling mistakes. Often these are the result of an email account being hacked and harvested for personal information and contacts.

The Attempted Fraud

Fraudsters may gain access to and monitor email accounts, usually due to weak passwords or using the same passwords on multiple websites, one of which might have been hacked. Once in, they can search for personal information, contacts and “buzzwords” such as “investment”, “withdrawal”, etc. Depending on what information they can glean, the fraudster can decide whether or not to proceed further.

With regard to our client, either their or our adviser’s email account was hacked. This enabled the fraudster to gain valuable information which could enable a personalised fraudulent approach. The fraudster was able to match the client with his adviser and gain valuable information from both as to how they may communicate, e.g., salutations, their partner’s name and our adviser’s email signature block, to make the fraudulent attempt look authentic.

The fraudster also went to the expense and effort of purchasing an internet domain (web address) which looked similar to our own for their email address. Our advisers’ email addresses are in the format firstname.surname@geeandwatson.com but the fraudster used firstname.surname@geeandwat.com.de. It should be noted that many devices do not display the full email address. Consequently, at a glance both email addresses can appear identical.

The fraudster then emailed our client with opening phrases which were commonly used by our adviser. The fraudster even wished his wife well, ensuring to spell an unusual spelling of a common name correctly.

The email recommended that a sum of £100,000 should be considered for an immediate access cash deposit account with a well-respected institution (Goldman Sachs). The interest rate quoted was attractive in order to gain a positive response but not so wildly high that it would be considered unbelievable. The fraudster advised that £100,000 should be considered for investment but if not currently available, an amount of £50-60,000 could be initially deposited which could be topped up at a later date.

To add authenticity to the email, our adviser’s mobile number was also added but with one digit changed. Presumably, this was so that if the client had chosen to phone this number then, on realising the number wasn’t working, he would reply via email, thereby keeping the fraudster in control.

Our client politely responded to the email to say that he would be away for a few days but would consider and respond upon his return. His reply to the fraudster, whom he believed to be his adviser, enabled the fraudster to exchange further emails on a chit chat basis, further building authenticity.

Fortunately, when our client returned, he phoned his adviser using a number not from the email exchange and the truth was discovered when our adviser informed our client that he had no knowledge of the recommendation that had been presented.

Some Tips To Stay Financially Safe

• We will never send you a recommendation to invest money out of the blue. We will always discuss any recommendations with you.

• If someone asks you to send them money, consider phoning them on a number you know to be correct to validate the request and bank details. You may also wish to consider sending a small amount and, if receipt is confirmed by the known recipient, send the balance. Please remember email confirmations may be controlled by a fraudster.

• When receiving an email, click on the sender’s email address to further reveal the full address and ensure it is 100% accurate. Be aware that in some fonts some letters can look similar, e.g., I (an uppercase i) and l (a lowercase L).

• Do not disclose passwords.

• Do not reuse passwords.

It is for these reasons that if we ever receive a withdrawal request via email, we always telephone our clients to validate any such requests in case monies are sent to a fraudster who has hijacked a client’s email account.

I do hope this story has been informative and “puts you on guard” as your financial and mental wellbeing is extremely important to us.

Please feel free to share this email with family and friends as any enhanced knowledge is more likely to keep your finances safe and intact.

May I also take the opportunity to wish you well and to thank you for entrusting your business with us which is very much appreciated.

Currently life is already more frustrating without scammers on the prowl.

Best wishes and kindest regards

Adrian

Adrian Cleator  DipPFS
Managing Director
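
For readers who manage a mailbox or mail filter: the sender check described above (reveal the full address, compare it with geeandwatson.com, watch for look-alike letters) can be automated. The sketch below is an added example, not part of the original letter or any Gee and Watson system; the 0.8 similarity threshold, the digit folding and the sample headers are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

TRUSTED_DOMAIN = "geeandwatson.com"  # the firm's real domain, as given in the letter
THRESHOLD = 0.8                      # assumed similarity cut-off for this example


def fold(label: str) -> str:
    """Lowercase and collapse characters that look alike in many fonts."""
    # I/i, l and 1 become 'l'; 0 becomes 'o' (the digit cases are an added assumption).
    return label.lower().translate(str.maketrans("1i0", "llo"))


def classify_sender(from_header: str, trusted: str = TRUSTED_DOMAIN) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a From: header value."""
    # parseaddr separates the display name (all many devices show) from the address.
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return "unrelated"
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"  # correctly spelled domain; says nothing about a hijacked account
    brand = fold(trusted.split(".")[0])
    # Compare the brand label with every label of the sender's domain.
    best = max(SequenceMatcher(None, brand, fold(part)).ratio()
               for part in domain.split("."))
    return "lookalike" if best >= THRESHOLD else "unrelated"


if __name__ == "__main__":
    # Constructed sample headers; only the two domains come from the letter.
    samples = [
        "Firstname Surname <firstname.surname@geeandwatson.com>",
        "Firstname Surname <firstname.surname@geeandwat.com.de>",
        "Firstname Surname <firstname.surname@geeandwats0n.com>",
        "Newsletter <news@example.org>",
    ]
    for header in samples:
        print(f"{classify_sender(header):10} {header}")
```

A "trusted" result only means the address is spelled correctly; because a genuine account can itself be hijacked, the phone call on a known number remains the deciding check.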

 
