Toy World has been advised that the latest attempts to defraud companies involve email hacking.
A fresh attempt to defraud toy companies has been brought to Toy World’s attention by Brainstorm Toys. Nick Saunders contacted us to detail the new approach that scammers are taking, so that other toy companies can be vigilant against similar attempts.
Nick takes up the tale: “We were recently the target of fraudulent activity, which also involved one of our suppliers in the Far East, so there were potentially big sums of money involved. We found out that emails between us and our Far East supplier had been intercepted; the scammers had managed to hack into one of the email accounts, which meant that they could insert themselves into an existing email chain. It obviously makes it easier to hide attempted fraudulent activity if it comes from a supplier’s genuine email address, and is part of an ongoing conversation.”
Pretending to be the Far East supplier, the perpetrators of the scam told Brainstorm that they had changed their bank details and asked if they could amend the details on their account. Thankfully, Nick felt that something wasn’t quite right and requested a zoom meeting to discuss the situation further. Naturally, the crooks weren’t keen to appear on a video call: as Nick knew the factory bosses by sight, he would have realised that someone was impersonating his vendor in order to divert funds to a fake bank account.
On this occasion, that simple push back averted any potential problems, but as Nick points out, not every supplier will know their factory contacts by sight, and scammers are aware that time can sometimes be of the essence. “It seems that this strategy often involves the scammers claiming that a container is docking, and payment is required immediately in order to facilitate the delivery,” he explained. “In this instance, that didn’t apply to us, so we had time to question the request that had been made. However, I hate to think what might happen if the scammers timed it right with another company which was awaiting a container delivery, and assumed the request to change bank details was genuine.”