As most in town are aware and many still angry over, the city of Jasper lost $150,000 in taxpayer/water customer payments to an e-mail scam.
They were certainly not the first to lose money to an online swindler, but it would be nice if they were the last in the community to see a bank account emptied by crooks – who are usually in another country in these cases -who stand little chance of being brought to justice. The city had a cybercrime insurance policy so we’ll hopefully be reimbursed. For the numerous stories we’ve reported of people caught in the same type of scam, there was no insurance and some are now without a lifetime of savings, money needed for retirement, rent or to sustain their lifestyle.
Most of the victims are in the retirement category or else businesses that, like city hall, were targeted. At least one local business also fell to a similar “conversation hacking” scam, where the crooks join in an ongoing e-mail exchange. These are frighteningly easy to pull off by scanning public information – crooks can tailor a scam (either by phone or e-mail) for a victim. A common one is by phone when someone poses as a law enforcement agent and knows a relative’s name and says they need bail right now to avoid lock up – it’s very effective against grandmothers.
Following our reporting of the scams, we can see how they have come a long way from the old Nigerian Prince with a fortune who needs a partner. Some blame the writing abilities of AI programs to draft convincing e-mails in English. Gone are the “Dear Sir/Madam, Kindly give your attention” clunkiness making many of the earlier scams look fishy right off the bat.
Ironically, last week at the Progress it appeared that Reporter Angela Reinhardt had e-mailed Editor Dan Pool advising that she was changing her banking information, ahead of the next payday. It was addressed to Dan and the sender initially appeared to be Angela. There were several things that kept us from falling for this. First, technical – the return e-mail didn’t match a Progress account with a strange nc.rr.com. It appeared Angela was the sender until you looked at the e-mail address.
The big second clue, and this requires no technical knowledge — it made no sense that the reporter would e-mail the editor on a payroll issue – that’s another person altogether. Common sense and suspicion need to be on red alert any time you are doing business online.
We would never walk around Walmart with our entire lifesavings in cash on display in a clear box, but many think little of giving a credit card number online or entering banking information or telling a caller your Social Security number.
A local cybersecurity professional said at a recent conference his company is instituting a “zero trust” policy. They don’t trust anything coming in by e-mail or from apps, considering every last communication they get a potential scam, until it is verified as legitimate. Time consuming but far better than cleaning up a hacking attack later.
Rather than relying on some new technology to keep you safe, trust your suspicion and recognize the fact that it is not hard to send a convincing fake e-mail. You can always call a company, “Hey do you really need my credit card again?/”
As in the case of the e-mail at the Progress, rather than sending any reply, our editor walked up the hall and asked the reporter, “What the heck is this?” Potential scam plot busted.
We could offer specific rules to be safe but the growing sophistication of scams makes technical warnings today obsolete tomorrow.
Instead it is better to develop your own sense of suspicion. And know that there is a new online scam born every minute.