COVID-19 Update: How We Are Serving and Protecting Our Clients

E-Mail Spoof Hackers

There are so many variations of fraud by use of the Internet to illicitly extract money from people. Other areas we describe and have prosecuted as shown on our site include dating or romance scams, outright identity theft, gift card scams, investment fraud, and estate mishandling just to name a few. This is certainly not an exhaustive list. Internet thieves and hackers are so creative, we are surprised regularly by new and innovative scams.

Another egregious fraud is when a hacker is able to redirect a large money payment usually from a business to the tune of hundreds of thousands of dollars to his/her account.

Definition of “Spoofing”: Spoofing is when a person or employee receives an email from someone imitating a trusted source.

The signal that one is being spoofed is an email that apparently has the specifics of the sender, the receiver, and other details such as a certain purchase or shipment of goods. And it usually comes in the form of an Invoice or other request for payment. To confirm the truth of the person asking for payment, one has to verify the exact email address of the sender. The spoofer or hacker may use the real name of the business or vendor, but the domain name will have a slight and barely detectable variation.

The scheme has been to change an email address ever so slightly so that the payer does not notice the slight variation. Some examples are:

Actual: rmorris@loushardware.com Hacker created: rmorris@lous_hardware.com

Actual: ljones@bricknmortar.com Hacker created: lijones@bricknmortar.com

Actual: ksmith@wallyspool.com Hacker created: ksmith@wallyspools.com

In other words, the email address is changed ever so slightly so that the business wires money to an account associated with the fraudulent email address, and not the true one. This can result in the illicit transfer of hundreds of thousands of dollars to the fraudster, but there really is no limit. The fraudster sets up a transient account at even a reputable bank, and simply absconds with the money.

How does an e-mail spoof or hack occur? Email addresses are simple to view and imitate. Some people’s and businesses’ domains may be a public domain site, i.e. Twitter, Instagram, Facebook or LinkedIn, and are easily viewable. And certain similar domains are still available to purchase. Another risk is that a PC, phone or IPad can be infected with malware which stores data and searches and even contacts lists.

Still another issue is unprotected public Internet systems such as publicly available Wi-Fi. The moral of the story always is to be very selective in disclosing personal information, contacts, or accessing websites that are not verified.

In our experience, banks are not paying attention. Somehow, they are setting up accounts with little or no real verification of identity of the accountholder to allow this fraud to occur virtually anonymously. At very least, through litigation we have been able to gain information regarding the fraudster. In certain instances, we have been able to claw back a portion of the funds. The point of litigation is to one day get information from the bank to actually pursue the real scammer.

Who is guilty of this fraud? It can be an “inside job”: one by a current or former employee with knowledge of the payment history and vendors of the business. If successful, the person can abscond with enough money to leave employment and fade into obscurity.

A second type of fraudster, is outside the business. The fraudster need only know an email address of the business to create the spoof email and divert funds in the manner described above. This type of person is obviously less traceable, and has no tie to the payor of the funds.

The main hope is to track down the fraudster(s) with use of the depository bank information. That requires a lawsuit against the bank, typically only for that information. Otherwise, it is unlikely that money can be recovered directly from the bank.

In terms of self-defense or preventative measures, it is crucially important that accounts payable employees or owners of businesses verify, cross-check or otherwise insure that all of the receivers’ information is correct. This includes e-mail addresses, account information, confirmation numbers and the identity of the recipient(s).

We have found that even when administrative employees and owners are careful, this type of fraud can still happen.

If your business is a victim of this kind of e-mail spoof hack, feel free to call us at (212) 835-1532 to consult and discuss our fees for filing litigation. We take cases in and around the five boroughs of New York City, Long Island and certain counties in the upper counties of New York, as well as counties and federal Court in New Jersey.

Client Reviews
★★★★★
I highly recommend this law firm. Attorneys Unger and Benjamin battled a real estate scammer who defrauded me out of substantial money. They were able to get a good result for me after the defendants put up numerous obstacles and delays over 18 months. And they were honest with me regarding their upfront and contingency fees. Definitely hire this firm if you are a victim of fraud or breach of contract. Rebekah W.
★★★★★
Over the years I have had dealings with many of attorneys and I can honestly say that Mr. Benjamin is the best lawyer I have ever worked with. He's conscientious, and takes care of your case as if his own interests were at stake. He's professional, always answered my calls and takes the time to discuss the best course to take. Everything was done timely and efficiently. I couldn't be happier with the result. I wish they were all like him. The best decision I made was to use him for all my legal needs. Nancy O.
★★★★★
Attorney Benjamin is an excellent attorney. He battled a finance company for me for nine years, defeating multiple motions that were thrown at him over the years. He is an honest, compassionate and trustworthy attorney, and was an aggressive advocate for me for a long time. After so many years, he finally got a great result in August, 2015 after defeating still another motion by the lender. I highly recommend Attorney Benjamin. Daniel O.
★★★★★
We hired this Firm on July 20, 2018 to sue a company for fraud. While the case took longer than we wanted, the lawyers battled for 1 year with this nationwide real estate company to expose the scam they inflicted on us. In order to get to settlement, our lawyer Jeffrey Benjamin cut the Firm's fee in order that we could put more money in our pocket and settle. The lawyers here are honest and bent over backwards to make us happy and settle, and not drag out the case for years. We are so happy we went with this Firm. Thank you. K.J.