ASA Connect

 View Only

  • 1.  Phishing emails for domestic wire transfer - ASA chapter president requests wire from treasurer

    Posted 09-27-2017 16:13

    ASA community members:

     

    Please be advised that today I received an email purporting to be from my ASA Chapter President (Dayton).

     

    The email asked me if I was able to complete a domestic wire transfer (I am the chapter treasurer) for chapter business. The email used my first name and was signed by the president of the chapter.

     

    Nothing suspicious. I replied asking for details. The president and I subsequently had a phone conversation where he revealed that the original enquiry was not from him.

     

    Be aware of this, I was amazed at the level of correct relationship details provided.

     

    Cheers Neil

     

    Neil Paton, Ph.D.

    Lead Statistician

    Cargill Animal Nutrition

    10 Nutrition Way, Brookville OH, 45309

    Work: +1 937 962 5017 | Mobile: +1 937 336 4204

    Neil_Paton@Cargill.com | www.cargill.com



  • 2.  RE: Phishing emails for domestic wire transfer - ASA chapter president requests wire from treasurer

    Posted 09-27-2017 16:38
    Hello, all!

    Thank you for sharing the warning, @Neil Paton! Phishing scams of this type are becoming increasingly common and sophisticated. If any of you are targeted by a scam like this or suspect an email or phone call of being a scam, contact Steve Porzio (steve@amstat.org) to let him know. 

    You can find a PDF with some information on identifying spoofing attempts (which are often associated with these scams) by clicking here and downloading the PDF from the ASA Community library.

    Here's an example of a past scam email that was caught "in the wild":

    Hi [Your Name], good morning, how are you, are you available at the moment?

    I need you to email me Board Meeting Minutes and also confirm the available balance on the account, we have urgent wire to take care today. I would prefer to call you but can't receive or call at the moment.

    Regards,

    [Officer Name]

    PRESIDENT.

    The officer who received the email in question checked the email address this email came from and noticed that it was from pstoffice01@aol.com, which was not the officer's actual email address.

    - Lara

    ------------------------------
    Lara Harmon
    Marketing and Online Community Coordinator
    American Statistical Association
    ------------------------------

    Original Message


  • 3.  RE: Phishing emails for domestic wire transfer - ASA chapter president requests wire from treasurer

    Posted 09-28-2017 10:29
    I had essentially the same email from my section chair (I, too, am treasurer - of the Stat Ed Section) about a month ago.  Because we had just been communicating about a bill to be paid, I thought at first that it was legitimate.  But when it said something about the fact that he wouldn't be available for the next 24 hours except by email so please just take care of it, I got suspicious.  I, too, emailed the president, at the email address I had for him, and we realized quickly what it was.

    Ann Cannon



    Original Message


  • 4.  RE: Phishing emails for domestic wire transfer - ASA chapter president requests wire from treasurer

    Posted 10-11-2017 15:19
    Anybody who is a treasurer for an organization should always be on the lookout for that. Same for accountants. People who have access to the money and pay bills for orgs and companies are the target that hackers look for. It is a sad thing when the bad guys are building models of "ROI" so to speak against potential victims.

    I've attended a session on cybercrime presented by a regional FBI office and one case in particular really stuck in my mind. It was a local family business that had grown significantly. Through a cleverly packaged email, the hackers installed a software key logger on the accountant's computer. With that, they got the login and password to the bank account, and transferred all the funds to a bank in Estonia. Needless to say that many lives were impacted by that.

    Be careful,
    Francois

    ------------------------------
    Francois Dion
    Chief Data Scientist
    Dion Research LLC
    ------------------------------

    Original Message


  • 5.  RE: Phishing emails for domestic wire transfer - ASA chapter president requests wire from treasurer

    Posted 11-15-2017 13:54
    Hello, all,

    We caught another version of a phishing scam targeting chapter/section treasurers "in the wild." This one demands a treasurer pay a vendor (the bits in brackets and bold are where I removed names and email addresses so as not to share them publicly!):

    From: [Pretended Identity] [mailto:presidentbox01@gmail.com]
    Sent: Monday, November 13, 2017 9:55 AM
    To: [Target's Name and Email]
    Subject: Office Expenses&Supplies

    Hi [Target's First Name],

    I need you to execute a payment to Vendor, confirm if you can get it done today so i can forward you the payee details.

    Regards,
    [First Name of Pretended Identity]

    You can see several indicators of a scam attempt here:

    • Generic email address from an email service that allows people to create free, anonymous accounts
    • Email address that does not match the supposed sender's actual/usual email address
    • Vague details -- who is Vendor? Why is the request so urgent?
    • Unusual capitalization, spacing, and grammar.
    • Urgency of demand (it has to be done today, before close of business, etc.)
    Scammers continue to get more aggressive in all spheres, so remember that if you get an email that seems suspicious claiming to be from the ASA or an ASA staff member, officer, or volunteer, forward it along to Steve Porzio at steve@amstat.org.

    - Lara

    ------------------------------
    Lara Harmon
    Marketing and Online Community Coordinator
    American Statistical Association
    ------------------------------

    Original Message


Related Content