In this first one, a colleague of mine was contacted by a person purporting to be from a firm of attorneys he invoiced for work he did. He had sent an invoice to this firm over Docex, a document delivery service run by the Post Office. The caller quoted my colleague reference details from the invoice and the caller said he had overpaid an amount into my colleague’s bank account in error and asked for the difference to be repaid.
My colleague checked his bank account and sure enough, there was a large payment into his account, far more than the amount he invoiced. The caller was pretty insistent that the money be paid back straight away by EFT. My colleague instead wrote out a cheque and told the caller he could collect it from his office, which the caller never did. In a day or two the payment into his account was cancelled and marked as “unpaid”. It was presumably a bogus cheque payment which bounced. My colleague confirmed the whole thing was a scam when he called the attorney directly and found that the attorney whose alleged representative called him, knew nothing of this.
Spoofing a mobile network
This next one is even more intricate. A customer was called by someone purporting to be from Cell C and was told that he, the caller, was tracking down some fictitious fraudsters who cloned Customer’s mobile phone. Caller told Customer to turn off his mobile phone so Caller could track the fictitious fraudsters, which Customer eventually did. Caller’s buddies, in the meantime, hijacked Customer’s office line at the Telkom exchange/box and rerouted his calls to another number.
At the same time more of Caller’s buddies went to Customer’s bank and presented a large cheque, apparently issued by Customer, for payment. The bank, careful to verify such payments, called Customer’s mobile phone and found it was off. They then called Customer’s office and got through to Caller’s buddies. One of Caller’s buddies answered and said he was Customer and approved the payment. Around this time Customer’s girlfriend also tried to reach Customer and after not being able to reach him on his mobile phone, called his office and got through to Caller’s buddies. She quickly realised there was something untoward going on and managed to get in contact with Customer who alerted Telkom, his bank, the police and the mobile network. Caller and his buddies were fortunately prevented from getting away with any money.
Stories like this make me very wary of cheques and anything run by the Post Office. I have pretty much stopped using cheques (there are so many stories now about cheques being washed and reused) and I send invoices electronically. It is also a very good idea to double check any calls that appear to be legit before you give away personal information like ID numbers and others as well as make any payments. What will be really scary is if fraudsters manage to get the personal information you use to verify your identity to banks and then start masquerading as you so be really careful about who you give details like your ID number to.