Something Else to Worry About

Glazing contractors best beware of the newest scam going around. It’s surprisingly simple, yet has duped owners and general contractors out of millions of dollars in payments that should have been going to you.

Here’s how it works: thieves either provide, or get payers to change, the account into which they transfer payments via wire transfers from a legitimate one to a fraudulent one. Once they receive the payment, they empty the account and run. Thieves generally accomplish this by hacking into email and using the basic knowledge they find there to run their scam.

The Marous Brothers, a general contracting firm in Ohio, learned this the hard way earlier this year when a $1.7 million payment they were due for renovation work from a local Catholic Church was instead deposited in an alternate bank account. The thieves had hacked into the system and changed the account to which the wired transfers were to be sent. When the St. Ambrose Church went to pay their bill, they unknowingly did so—but not to the Marous Brothers account.

As Pastor Bill Stec said to his parishioners in a letter explaining what happened: Upon a deeper investigation by the FBI, we found that our email system was hacked and the perpetrators were able to deceive us into believing Marous Brothers had changed their bank and wiring instructions. The result is that our payments were sent to a fraudulent bank account and the money was then swept out by the perpetrators before anyone knew what had happened.”

Thieves in the next county over from us here in Virginia were even more audacious. The theft occurred in July and came to light in August when it was discovered that a partial payment of $600,000 for a synthetic turf football field in Spotsylvania County had not been received by the contractor. The county had received a fax notice, purported from the contractor, changing the account into which such payments should be made. Turns out it wasn’t from the contractor at all but rather from the crooks. The county has since recovered about half of the payment, the other half is still missing.
What can you do to avoid falling victim or having your customers fall victim to such scams? Experts suggest you:

  1. Follow good cyber-hygiene. Undergo frequent check-ups and updates to your system; assess and correct vulnerabilities. Pay very careful attention to your email systems.
  2. Notify your vendor(s) that you will not be changing your account number throughout the course of the contract. Ask them to alert you if they receive any requests for such changes and to view them as suspicious.
  3. Verify the account information. Your bank can verify both the account name and location with the recipient bank before you transfer any money via wire.
  4. Keep tight controls on outgoing wires. Allow only a double verification process before sending.
  5. Never verify using the information on the account change order. Look up the name of the bank yourself and contact the bank through that information. Many scam artists have phone banks set up, if you call the number they provided, they will answer and it sound like you have reached a legitimate bank, but you haven’t.
  6. Report suspicious activity to the FBI. Cyber-hoodlums count on the fact that victims don’t want publicity. The only way to stop such crimes in the future is to report any irregularity to the FBI.