Earlier this year, I received a call from my controller asking me to confirm the wire transfer that I requested for $35,000. Surprised, I asked, “What wire transfer?” She had received not only a request but also responses from me by email approving the transfer. Fortunately, she was astute enough to realize that we had never done a wire transfer before and that we don’t send money without approved invoices.
So, what did we do? First, we contacted our IT director, who commended us on our prudence and said there was nothing we could do and that, at that dollar amount, the police or feds wouldn’t care enough to try to catch them. Second, we looked at the email exchange. What became clear was that this was very well calculated and planned; the email, logo signature, and even the language I would normally use were so accurate that it was really convincing. It was like the scene from Jack Ryan: before leaving, Suleiman told him “peace be with you” – and Ali joked, “Not if she’s been with you first,” which became their secret saying. Third, we messed with the perpetrator; maybe not the best idea looking back at it, but we did. Our controller and I crafted a few emails stating the wire was sent and then waited for their panic when the money never came through despite us confirming over and over that it had been sent. We ended the correspondence by stating, “I’ll just send a check.”
These scammers are savvy, and as with identity theft, if you haven’t experienced it yet, it’s just because they haven’t gotten to you yet. We have two clients that have been impacted directly. One transferred $1M to the perpetrator and was unable to recover the lost funds. The second was on a project that we are managing. The attempt went like this: our client was contacted through email by a scammer posing as our general contractor’s project manager. The email stated that the general contractor was changing banks and needed to update their EFT (Electronic Fund Transfer) information. The anomaly came when the controller would add team members to her response and the replies from the “contractor” would omit those added to the email string. No money was transferred to the new EFT. Because we are the owner’s representative, our client contacted us for guidance; we conducted a review of the request and clarified that it was a scam.
How do you prevent being deceived into making a payment? This scam, unfortunately, robbed a Texas school district of $2.3M back in November. The fact is, EFTs are common and safe to use, but be prudent: set them up or make any changes to them in person, or by talking on the phone from one company to another. Don’t wire money. Don’t pay any invoice without an approval stamp from the reviewing parties, be it your owner’s representative, architect or other. The other golden rule is: when in doubt, don’t.
Paul Wember, President
Wember – Owner’s Representative