Scamming the LMSC
Recently the LMSC was the target of a scam, so we thought we’d let you know about it. It seems likely the fraudsters are targeting small voluntary groups like the LMSC, on the basis that they might be less careful about checking things and might not have the same security procedures in place as a business would.
Recently our treasurer, Jason, received an email that appeared to be from Nick, the LMSC Chair, saying:
We need to make a payment by Bank transfer, would you be able to do it today? let me know if you can
There followed an email exchange between the two, where ‘Nick’ gave details of the bank account to which the transfer was to be made, and the amount. So why did we decide it’s a scam?
1. Jason and Nick are, of course, real people. However, the names of our committee members are made public on our web site, accessible by anyone.
2. The amount to be transferred was £2,489.56. This is a lot of money, and no reason was given for the transfer.
3. The emails appeared to come from email@example.com. This is a legitimate address – we set up addresses like this for each of our committee members, and they simply redirect to the member’s real email address. So the chairman’s email address was in the From field of the email, but the From field can be set to anything by whoever sends the message. The reply-to address was firstname.lastname@example.org. It’s always worth checking who your replies go to. It’s not unusual for replies to go to a different email address from the one in the From field, but in this case the gmail address was not Nick’s personal email address.
4. The email header showed the origin of the email was a Czech server - though very few people look at email headers, which in most email clients will probably be hidden anyway.
The email exchange was chatty and friendly. The language was colloquial English – a few minor errors, but nothing which would make you think it was from a non-English speaker. But after receiving the payment details, Jason emailed Nick directly, to his correct email address, and asked if this was legitimate – his concern being triggered by the large amount. Nick, of course, knew nothing about this, and the payment was not made.
As we said at the start, it seems very likely the scammers are targeting small voluntary groups because they are likely not to be as rigorous in their payment procedures. It’s at least possible they are specifically targeting flying clubs. So be careful!
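The header checks from points 3 and 4, as an added example (not the LMSC's own code): a Python script that compares the From address with Reply-To and pulls out the earliest Received hop. The sample message, every address, host and IP in it, and the known_addresses parameter are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message (not the real scam email); all addresses,
# hosts and IPs are placeholders invented for this example.
SAMPLE = """\
Received: from mx.club.example (mx.club.example [192.0.2.10])
\tby inbox.example.net; Mon, 01 Jan 2024 10:00:05 +0000
Received: from mail.sender.example (mail.sender.example [203.0.113.7])
\tby mx.club.example; Mon, 01 Jan 2024 10:00:01 +0000
From: Nick <chairman@club.example>
Reply-To: Nick <nick.chair@webmail.example>
To: treasurer@club.example
Subject: Payment

We need to make a payment by Bank transfer, would you be able to do it today?
"""

def check_headers(raw, known_addresses):
    """Return warnings about where replies to a raw email would go.

    known_addresses (hypothetical parameter): addresses you have already
    verified as belonging to the apparent sender.
    """
    msg = message_from_string(raw)
    known = {a.lower() for a in known_addresses}
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    warnings = []
    for _, reply in getaddresses(msg.get_all("Reply-To", [])):
        reply = reply.lower()
        if reply and reply != from_addr:
            warnings.append(f"replies go to {reply}, not {from_addr}")
            if reply not in known:
                warnings.append(f"{reply} is not a known address for the sender")
    return warnings

def origin_hop(raw):
    """Return the earliest Received header (the last one listed), with
    folding whitespace collapsed. Hops recorded before your own mail
    server were written by the sending side and can be forged."""
    hops = message_from_string(raw).get_all("Received", [])
    return " ".join(hops[-1].split()) if hops else None

if __name__ == "__main__":
    for w in check_headers(SAMPLE, ["chairman@club.example", "nick@home.example"]):
        print("WARNING:", w)
    print("Earliest hop:", origin_hop(SAMPLE))
```

A warning from this check is a prompt to do what Jason did: confirm the request with the sender at an address you already know to be theirs.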