Thursday, April 25, 2019

Heeeeere fishy fishy fishy...

Every once in a while we get phishing emails at work, and last week I got the first one I’ve had in months. It was someone posing as a senior member of staff requesting a change to that employee’s direct deposit information. Now, since the real employee’s photo didn’t come up in Outlook, and though the “From” email address had the employee’s name attached to it, it wasn’t the format we use for corporate emails, and the domain was something totally random, so I knew after about 1.6 seconds that it wasn’t legitimate. My first thought was to just delete it and let everyone know that I’d got it and they should keep an eye out in case there were any more.

My second thought was, “You know what? No. Two can play at this game.”

The original email (complete with typos etc.) read:
Elizabeth,
I have recently changed bank and would like to have direct deposit change to new account. I need your prompt assistance on this matter.


I replied:
Thank you, [Name]. I will attend to this immediately upon receipt of your new bank information. I will need the routing and account numbers, and the name of the bank.

S/He replied:
Below is my account new information to effect change of direct deposit of my 100% net pay.
Here's my new DD information ;
Bank name: XXXXX Bank
Bank Routing #:
XXXXXXXXXXX
Account #:
XXXXXXXXXXX
Type: XXXXXX
Let me know as soon as this is updated and also kindly confirm exact pay date if changes for my reference.
Your prompt response will be gladly appreciated.


At this point I thought WOW. Okay, cool, I know what to do with this. I looked up the routing number and found out the bank attached to it, gave their Fraud Squad a call, and got the account shut down. I was pretty pleased with myself by this point because, you know, civic duty and whatnot, so I decided to respond in the affirmative and wait to see if this doofus said anything when the money didn’t show up in the account on the 19th.

I replied:
I have made the necessary changes. The next deposit will occur this Friday, April 19th. If for some reason the deposit does not come through, please contact me immediately.

I figured this would probably be the end of it for a while, so I was rather surprised when I got the next email.

S/He replied:
Thanks , can i have copy of my last pay stub?

This was a ballsy move. I had to go into a meeting, so I ignored the request until I was finished with that and then I replied:
Sorry, I was in a meeting. My side of the portal is down at the moment, but I just spoke to Kelly and she says the employee side is working fine. You can access your stubs from there—that way you don't have to wait for me to be back online.

As with most HR & payroll systems, our employees can access all their own information and paperwork through a staff portal, so this wasn’t too outlandish an answer, even if the admin-side technical difficulties and “Kelly” were fictional. I wasn’t sure what sort of a response I’d get from this.

S/He replied:
Having a technical problems.

Well, now what? Fake a pay stub, that’s what. Oh, the things you can do in Excel… I replied:

Please see attached.



At this point I was immensely pleased with myself, but also figured that this would have to clue the person in to the fact that I was trolling...right? Apparently not.

S/He replied:
I just got a call from my bank that my account is blocked some people try to hack into my account, my paycheck won't able to go through into my previous account for my pay on Friday. Can I send you my other account for my pay for April 19th can go through it and my future payments.
Please advise.


Oh. Okay. We’re doing this again? Sure thing, Boss.

I replied:
Yes, please send me the alternate account information (routing & account numbers).

So the person sends me another set of account numbers. And I call another bank to have the account flagged as fraudulent. And then I get another email.

S/He replied:
Sorry my bad but there was an error in the account number i sent to you , my bank say's the paycheck money will be returned back and is there anyway you can reprocess it again?
Please Advise.


At this point, I’m wondering if this person has ever mastered the concept of ‘cause and effect’. Like, if I drop a glass on the floor, it shatters, right? So you would think that this person would make the connection. “If I send this person account info, and then the account gets blocked, maybe this person is calling these in as I send them and getting them closed.”

Apparently I’m giving them too much credit.

At this point I was kind of over the whole thing, so I faked an ‘out of office’ reply, figuring that if they responded to the email address I said should be used in the case of urgent matters (the generic HR email address) that I could pick things up again by pretending to be someone else when I got back into work from the weekend (on Tuesday, because I decided to take Monday off just because.)

8:24 AM this morning when I returned to the office:
I didn't get my check pay on Friday , can you make a wire transfer to my preferable bank account?

It’s Tuesday, 4/23, as I write this. I’m debating what to do now. I could ask for more account info and see if I get it, and then I could get yet another account closed. Civic duty and all that, you know. Alternately, I could write back that I have, in fact, been trolling this whole time, and tell this person just how braindead I think they are. It wouldn’t accomplish much. The really annoying thing about all of this is that the FBI won’t touch cases like this because they’d end up doing exactly what I’m doing--endlessly emailing and calling, rinse, repeat--and these phishers open new accounts and move their money around so quick that the minute you shut one down another is ready to go, so there’s not much actual progress. I was having fun with it to begin with, but now it’s just really, really repetitive and time-consuming and pointless.

::sigh::

But I still kind of feel like I ought to bill Uncle Sam for my time. Just sayin’.

No comments:

Post a Comment

::does best ostrich impression::

So, I've been saying how everything is kind of a lot right now, right? I think I need to take a week or two off. I'm not in a good p...