This past year, there is seems to be a huge surge of hacking, fraud and malicious intent. Take a look by this list from CNET called the CNET Hacker Chart. Some were done as pranks, and others in response to some political change, civil disobedience, and others, more malicious in intent, focusing on user lists, passwords, credit card numbers, etc. These places that were infiltrated should have been the most secure government agencies, and large private sector companies.
Thieves are becoming more creative. The reasons why this could be happening are numerous (unemployment, economy, desperation). What is scary is that these fraudulent people are getting good, really good. I recently received an email requesting about $30,000 worth of Ipads and phones. Did I think it was a scam? My gut said yes, but this company that the Request for Quote came from was a client of mine years ago. (What a coincidence!) I know that they are a legitimate company; I knew the address was real. Because of my gut feeling, I started to do some research. I called the company and had them verify employment of the person who sent me the email. It was verified and he was on the Senior Management Team for the company. This thief also provided me with all the information needed for a credit application, including references. Everything seemed to check out successfully until I started noticing the details.
So having said all this, you’re probably wondering what I did. I did two things. First, I called the company, and spoke to HR again. They denied providing me any information before, and generally didn’t want to talk to me. I informed them that is person is committed fraud against a Sr. Executive Officer, and also providing your company’s sensitive banking information and references in order to get credit from other companies. They promptly said, “Thank you for your information, and we’ll contact you if our security team has further interest.” They never contacted me. Second, I contacted the Internet Crime Complaint Center. This website was formed with the FBI, National White Collar Crime Center, and the Bureau of Justice Assistance. I filed my complaint and concern, and left it in their hands. There isn’t much more that can be done unfortunately.
The person stopped contacting me, so maybe the law enforcement did something to catch the guy, but the skeptic in me thinks that he’s moved onto the next target, providing sensitive company information to others in order to lure them to send him product. The only thing we can do is be on our guard, and do research on those we do business with. To err on the side of caution is never a bad thing.