Couple lose £120k in email scam


buggalugs

9,243 posts

237 months

Monday 23rd October 2017
Durzel said:
Apple doesn't have DNSSEC.
Google has softfail SPF settings.
Neither has DMARC.

..etc..etc

SPF, DKIM, DMARC etc are not some kind of anti-fraud magic bullet. They overlap in some areas, and they don't work at all where a given recipient mail server isn't also set up to verify this data. What good is this solicitor having SPF et al set up if their clients' email systems don't?

It doesn't help that end users are completely oblivious to what these things are. At least two-factor authentication is standardised, explained well to laymen and is something they can choose to use if they want more security. Email needs something akin to that if it's ever going to have any value as a secure messaging platform, and the only practicable way that's going to happen is if the likes of Apple, Google and/or Microsoft impose it on people.

Edited by Durzel on Monday 23 October 12:55
It’s not a magic bullet but that’s currently the best and only and very very common way to prevent someone pretending to be you on email. You would think that a firm whose customer just lost 120k off the back of a spoofed email from them would want to look into that.

Both Google and Microsoft respect SPF and DKIM.
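
The exchange above turns on softfail SPF and missing DMARC. As an added example (not part of the original thread), this Python sketch reads a domain's published TXT records and reports whether it actually asks receiving servers to reject spoofed mail. The domains and records are constructed samples, and `spoofing_posture` and its verdict labels are hypothetical names.

```python
# Added example: classify published SPF/DMARC posture from TXT records.
# All domains and records below are constructed samples, not real lookups.
SAMPLE_TXT = {
    "solicitor.example": ["v=spf1 include:_spf.mailhost.example ~all"],
    "_dmarc.solicitor.example": [],
    "bank.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "_dmarc.bank.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank.example"],
    "shop.example": ["site-verification=abc123", "v=spf1 mx ?all"],
    "_dmarc.shop.example": ["v=DMARC1; p=none"],
}
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_all_result(txt_records):
    """Result of the SPF 'all' mechanism, or None when no SPF record exists."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return None
    if len(spf) > 1:
        return "permerror"  # RFC 7208: more than one SPF record is an error
    terms = [t.lower() for t in spf[0].split()[1:]]
    for t in terms:
        if t.lstrip("+-~?") == "all":
            return SPF_QUALIFIERS.get(t[0], "pass")  # bare 'all' means '+all'
    if any(t.startswith("redirect=") for t in terms):
        return "redirect"  # outcome depends on the target record, not followed here
    return "neutral"  # no 'all' and no redirect: default result is neutral


def dmarc_policy(txt_records):
    """The DMARC p= tag (none/quarantine/reject), or None when no record exists."""
    for record in txt_records:
        pairs = (part.partition("=") for part in record.split(";"))
        tags = {k.strip().lower(): v.strip().lower() for k, _, v in pairs}
        if tags.get("v") == "dmarc1":
            return tags.get("p")
    return None


def spoofing_posture(domain, txt=SAMPLE_TXT):
    """Summarise what the domain asks receiving servers to do with spoofed mail."""
    spf = spf_all_result(txt.get(domain, []))
    dmarc = dmarc_policy(txt.get("_dmarc." + domain, []))
    if dmarc in ("quarantine", "reject"):
        verdict = "enforced"  # receivers that evaluate DMARC are told to act
    elif spf == "fail":
        verdict = "spf-only"  # envelope sender protected, visible From: is not
    else:
        verdict = "advisory"  # softfail/neutral/p=none: nothing requests rejection
    return {"spf": spf, "dmarc": dmarc, "verdict": verdict}
```

Even an "enforced" verdict only matters if the receiving server evaluates these records, and none of them cover mail sent from a compromised legitimate mailbox.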

Efbe

9,251 posts

166 months

Monday 23rd October 2017
boxedin said:
Personally, I've avoided any use of IT in these situations, recently having transferred sums to and from various companies including solicitors.

All the Bank details were supplied face-to-face [1], no phone, no emails. The payments were made in person at a Branch which were also sanity checked by the branch staff so any incorrect keying of numbers wouldn't occur, unless all three of us suffered the same inability to read!

If you're not happy to lose the amount of money involved, reduce the amount of IT in the process.

[1] the solicitor dealing with the transaction did comment they wished more people did it this way instead of relying on emails.
On the other hand, I have seen far, far more errors being created through human error than I ever have from hacking/fraud, even when triple checking is in place. There are often more weak links than you think.

Funk

26,263 posts

209 months

Monday 23rd October 2017
Durzel said:
The people doing these scams are not your regular "your PayPal account has been suspended!" indiscriminate phishing email fraudsters. I've heard from friends in IT of instances where scammers have had a dialog weeks prior with the MD to get his email address and a sense of how he writes emails, followed his public social media to work out when he was out of the office, telephoned the office and been told that he is on holiday (another weak point in social engineering) and then when finding out he's not in they spoof emails purporting to be from him, in similar language to him, asking for urgent payments to be made. Because the MD isn't in, an IT illiterate financial controller can't verify a transaction face-to-face, and just processes it blindly.
These attacks are called 'spear-phishing' attacks and can be very hard to spot.

Edited by Funk on Monday 23 October 13:38

OddCat

2,522 posts

171 months

Monday 23rd October 2017
PIGINAWIG said:
I know the couple that lost this money very well. It was actually the client that had his email hacked, not the solicitor. He is usually very diligent regarding financial matters so I was very surprised that this has happened.

Regardless of blame etc, he’s a bloody decent lad and this is having a huge impact on his life.

I will update here as and when there’s more info.

Cheers
Okay, so the client's own email was hacked. That makes more sense. No point blaming Lloyds or the solicitors.

The interesting part of this story is the Nat West account to which the funds were actually transmitted. That is either:

1. a genuine company to which the fraudsters somehow had access
2. a genuine account owner being used as a ‘mule’ (the account owner knowingly receiving and re-distributing fraudulent money)
3. a company set up with the intent to use as a vehicle for receiving fraudulently obtained money

A quick search on Companies House shows that the company was set up in 2015 for medical care / nursing home activity purposes. And the sole director was a Mrs Ntolera-Mujungu. A Malawian national. And the company was subsequently (recently) struck off - presumably for non-submission of annual returns.

This feels like it is more likely to be type 3. If true, it could be argued, that Nat West have facilitated a vehicle to be used for fraud ?

Busa mav

2,562 posts

154 months

Monday 23rd October 2017
ash73 said:
As has been mentioned several times, you should make a nominal payment first and save the payment details, then pay the balance only after they have confirmed receipt.
A lot of my clients do that now, even for sums of £500.

Efbe

9,251 posts

166 months

Monday 23rd October 2017
Busa mav said:
ash73 said:
As has been mentioned several times, you should make a nominal payment first and save the payment details, then pay the balance only after they have confirmed receipt.
A lot of my clients do that now, even for sums of £500.
But what if the fraudster is replying to the emails saying, "yes we got the first one"?

Is there a way the phone number could be hijacked?

TwistingMyMelon

6,385 posts

205 months

Monday 23rd October 2017
ash73 said:
TwistingMyMelon said:
I had a big payment to a solicitor recently

I got them to email bank account details

I then rang them and spoke to solicitor to check bank details

I then transferred money and got solicitors to confirm via phone they had got payment

Wouldn't do it any other way
As has been mentioned several times, you should make a nominal payment first and save the payment details, then pay the balance only after they have confirmed receipt.
Yep that would be worthwhile

Although I forgot to say that I checked the account details with my sister who paid the same solicitors earlier in the year and they were the same

I was also in a rush for them to get the money, which explains how these scams often work!

TwistingMyMelon

6,385 posts

205 months

Monday 23rd October 2017
Efbe said:
Busa mav said:
ash73 said:
As has been mentioned several times, you should make a nominal payment first and save the payment details, then pay the balance only after they have confirmed receipt.
A lot of my clients do that now, even for sums of £500.
But what if the fraudster is replying to the emails saying, "yes we got the first one"?

Is there a way the phone number could be hijacked?
If they hijacked the email, they could add a different number to the signature

Dromedary66

1,924 posts

138 months

Monday 23rd October 2017
OddCat said:
3. a company set up with the intent to use as a vehicle for receiving fraudulently obtained money

A quick search on Companies House shows that the company was set up in 2015 for medical care / nursing home activity purposes. And the sole director was a Mrs Ntolera-Mujungu. A Malawian national. And the company was subsequently (recently) struck off - presumably for non-submission of annual returns.

This feels like it is more likely to be type 3. If true, it could be argued, that Nat West have facilitated a vehicle to be used for fraud ?
Absolutely, NatWest need to be investigated from that angle and if they have failed their due diligence checks then they need to be dealt with. Of course it may be the case that if this Ntolera-Mujungu has no history then they can't have spotted anything. However she would or should have had to provide valid ID and other supporting documents when opening the account and in an ideal world I would like the police to go a knocking on her door. I'm sure there's someone they could nick for this if they put the effort in.

OddCat

2,522 posts

171 months

Monday 23rd October 2017
OddCat said:
A quick search on Companies House shows that the company was set up in 2015 for medical care / nursing home activity purposes. And the sole director was a Mrs Ntolera-Mujungu. A Malawian national. And the company was subsequently (recently) struck off - presumably for non-submission of annual returns.
...a little searching, and cross checking / referencing, brings up details of the good lady herself complete with pictures. Perhaps she could shed some light on matters......

http://grajoh.com/grajoh-founder-johnson-mujungu-s...

sugerbear

4,010 posts

158 months

Monday 23rd October 2017
OddCat said:
PIGINAWIG said:
I know the couple that lost this money very well. It was actually the client that had his email hacked, not the solicitor. He is usually very diligent regarding financial matters so I was very surprised that this has happened.

Regardless of blame etc, he’s a bloody decent lad and this is having a huge impact on his life.

I will update here as and when there’s more info.

Cheers
Okay, so the client's own email was hacked. That makes more sense. No point blaming Lloyds or the solicitors.

The interesting part of this story is the Nat West account to which the funds were actually transmitted. That is either:

1. a genuine company to which the fraudsters somehow had access
2. a genuine account owner being used as a ‘mule’ (the account owner knowingly receiving and re-distributing fraudulent money)
3. a company set up with the intent to use as a vehicle for receiving fraudulently obtained money

A quick search on Companies House shows that the company was set up in 2015 for medical care / nursing home activity purposes. And the sole director was a Mrs Ntolera-Mujungu. A Malawian national. And the company was subsequently (recently) struck off - presumably for non-submission of annual returns.

This feels like it is more likely to be type 3. If true, it could be argued, that Nat West have facilitated a vehicle to be used for fraud ?
The same person seems to be behind this as well (facebook page was active this year).

http://2beloved.org/about/

If they are the same person it makes for amazing reading.. Husband in IT (just saying).

Brief bios
Mr Johnson Mujungu is a graduate of the University of Toronto and an Information Technology and Project management consultant currently employed as IT Supervisor at the Commonwealth Secretariat. He is also the former President of the International Community of Banyakigezi Inc.. Johnson is a connector, mentor, group facilitator and a community leader. He is Connector’s Connector!

Mrs Grace Ntolera-Mujungu graduated from Manchester Metropolitan University with an MBA and worked as a Resettlement Officer with the Royal Borough of Kingston Upon Thames before going into self-employment. She is currently the Executive Director at Grajoh Investments, owns and runs Grajoh Fashion and Accessories, a UK based online business and Value Point shop – a Household, electrical goods and fashion shop at Aram Mall, Limbe, Malawi. Grace is a fashionista and into Interior designing. She is the epitome of gracious living.

Dromedary66

1,924 posts

138 months

Monday 23rd October 2017
Probably more sleuthing in the above google searches than anything the police did!

Tony 1234

3,465 posts

227 months

Monday 23rd October 2017
Dromedary66 said:
Probably more sleuthing in the above google searches than anything the police did!
Yes well done both of you :)

Durzel

12,254 posts

168 months

Monday 23rd October 2017
http://grajoh.com/grajoh-founder-johnson-mujungu-s...

Photo of the happy (and £120k richer) couple. Allegedly.

Her Facebook: https://www.facebook.com/gntoleramujungu

Mods: This is all information freely available via Google searches, and the company name was reported by The Guardian and its directors are a matter of public record.

Edited by Durzel on Monday 23 October 18:43

justinio

1,151 posts

88 months

Monday 23rd October 2017
So why aren't the police kicking their front door in and looking under their mattress for a pile of tenners?

AndStilliRise

2,295 posts

116 months

Monday 23rd October 2017
Good sleuthing boys. But can we be sure before we start accusing someone who is innocent?

OddCat

2,522 posts

171 months

Monday 23rd October 2017
AndStilliRise said:
Good sleuthing boys. But can we be sure before we start accusing someone who is innocent?
Can we be sure of what ? That the bank account of a company that she ran was used to launder money stolen by scammers ? Yep, I think we can be pretty sure about that.

Was she personally responsible ? Who knows. I'm sure she's still living at the address shown for her at Companies House (and won't at all have 'gone away') and that she would be more than happy to assist the police / fraud investigators with their enquiries if they could be at all bothered to ask her.

Funny that the Guardian only did half a job. Why didn't they do a little more investigation around the receiving company ? Lazy so and so's just went for the usual easy target (the banks).

Gareth79

7,655 posts

246 months

Monday 23rd October 2017
PIGINAWIG said:
I know the couple that lost this money very well. It was actually the client that had his email hacked, not the solicitor. He is usually very diligent regarding financial matters so I was very surprised that this has happened.

Regardless of blame etc, he’s a bloody decent lad and this is having a huge impact on his life.

I will update here as and when there’s more info.
Oh wow, I wasn't expecting that.

It would be interesting to know if the scammer just got lucky in finding somebody about to make a large transaction, or if they were targeted in some way.



sugerbear

4,010 posts

158 months

Monday 23rd October 2017
justinio said:
So why aren't the police kicking their front door in and looking under their mattress for a pile of tenners?
Because in these cases the money will have long been sent "home" via some means. Once it leaves the UK and is somewhere offshore there is a tiny, tiny chance of recovery.

The two people that I mentioned could be the victims of account takeover or stolen documents that are then used to open bank accounts. I will let the police judge.

Durzel

12,254 posts

168 months

Monday 23rd October 2017
AndStilliRise said:
Good sleuthing boys. But can we be sure before we start accusing someone who is innocent?
Dissolving the company after the scam had taken place is a bit suspect though non? Pretty strange coincidence.