Water Company Scammed Out of $645,000
Posted by: Timothy Weaver on 05/15/2017 10:02 AM
[
Comments
]
With the help of social media, an inside man and international banks, a UK-based regional water supply company lost over £500,000 ($645,000) in a sophisticated scam.
A law firm was called in to investigate and they found that the scam started with clients who were locked out of their accounts. Once they regained access to their accounts, they found that new bank accounts were appended to their profiles.
When the company started looking into their own system, they found that someone had requested refunds for previous business transactions.
Further investigation found that all the refunds, totaling $645,000, had been sent to two UK banks. The banks reported that , because of a social engineering scam, they had transferred the funds to banks in Dubai and the Bahamas.
The funds were then transferred to Bitcoins and further distributed. Lacking a paper trail, the law firm looked into their internal operations. That led them to a call center in Mumbai, India, that handled the water companies customer service operations.
Only one employee handled the requests for the refunds. He wouldn't cop to the scam, but he did allow the investigators access to his home computer. The forensic study found that the system had been wiped, but the employee didn't realize that the data still existed in the shadow volume copies.
There the investigators found emails between the employee and a UK-based individual, which later turned out to be his cousin. The cousin would receive images of the accounts that were locked out, do a password reset and then change the banking details.
Officials secured a conviction for his cousin.
Source: Bleeping Computer
A law firm was called in to investigate and they found that the scam started with clients who were locked out of their accounts. Once they regained access to their accounts, they found that new bank accounts were appended to their profiles.When the company started looking into their own system, they found that someone had requested refunds for previous business transactions.
Further investigation found that all the refunds, totaling $645,000, had been sent to two UK banks. The banks reported that , because of a social engineering scam, they had transferred the funds to banks in Dubai and the Bahamas.
The funds were then transferred to Bitcoins and further distributed. Lacking a paper trail, the law firm looked into their internal operations. That led them to a call center in Mumbai, India, that handled the water companies customer service operations.
Only one employee handled the requests for the refunds. He wouldn't cop to the scam, but he did allow the investigators access to his home computer. The forensic study found that the system had been wiped, but the employee didn't realize that the data still existed in the shadow volume copies.
There the investigators found emails between the employee and a UK-based individual, which later turned out to be his cousin. The cousin would receive images of the accounts that were locked out, do a password reset and then change the banking details.
Officials secured a conviction for his cousin.
Source: Bleeping Computer
Comments
