How We Can Help You: Workshops for Businesses & Organizations
Doug at TheDailyScam.com offers workshops for businesses and organizations that help them better recognize the threats that target them online and reduce their risks. In June of 2018, Doug gave a workshop to Maltz Sales Company of Foxboro, Massachusetts to raise awareness about scams targeting businesses. Most importantly, the workshop focused heavily on identifying key “red flags” that suggested or demonstrated likely fraud. Apparently the Maltz Sales employees were listening! We are thrilled to report a success story of two colleagues at Maltz Sales who thwarted a $12,000 scam that targeted them in late August, 2018. Maltz Sales is a company expert in fluid handling equipment and services such as pumps of all kinds and their related products.
One of their many customers for years has been Johnson Controls, Inc., a world-wide company with a corporate office in Milwaukee, WI. They also have an office located in Fort Worth, Texas. Maltz Customer Service received a Purchase Order by email from someone identifying himself as Christopher Lynn. The order was for nearly $12,000 worth of equipment, and it came with a list of credit references. It was not at all unusual for them to receive a Purchase Order by email. However, the PO had no phone number on it, and they thought this was odd, though not a problem. They also noticed that Mr. Lynn’s email address was not quite the same as the domain of the Johnson Controls website. However, Customer Service placed the order with their manufacturer and let Mr. Lynn know.
Readers should note that the Johnson Controls website uses the domain johnsoncontrols.com. The email address used by Mr. Lynn in his communication with Maltz Sales was johnsoncntrls.com. This is an important “red flag” and a trick often used by criminals trying to disguise themselves to appear legitimate. (For example, TDS just learned of an advance-check scam where criminals purchased the look-alike domain “beatssarcoma[.]org.” The real organizations website is beatsarcoma.org.)
A few days after placing the order, Mr. Lynn checked in via email with an employee named Michelle to get an update on the status of his order. She reported to us that Mr. Lynn’s English was always awkward in his emails, including odd capitalization, indicating that perhaps English was not his first language.
This bothered Michelle enough that she looked on LinkedIn for an account associated with Christopher Lynn. She easily found his account showing that he was employed by Johnson Controls, Inc. in Fort Worth, Texas, a company they had done business with in the past. More importantly, she noted that LinkedIn account for Chris had more than 500 business connections and was full of information dating back many years of his professional and educational career. There was nothing about this account that suggested English was not his first language. It continued to bother Michelle that Mr. Lynn’s language skills did not seem to match the experience and professionalism indicated by his LinkedIn account. Though there was nothing specific that should stop this order from going through, Michelle still felt uncomfortable. She shared here concern with a colleague named Walter.
Walter agreed and looked up the website for Johnson Controls in Fort Worth, Texas and called the phone number listed on the site to ask for Mr. Christopher Lynn. Unfortunately, he was sent to a voicemail box for Mr. Lynn where he left a message about the order he had placed a few days earlier. But now the pump order was ready to ship.
However, shortly after sending the email above to Mr. Lynn that his order was scheduled to ship that day, Michelle received the following email back from Mr. Lynn…
Once again, the awkward English bothered Michelle. And she was now very concerned about this sudden request to change the shipping address. When we interviewed Michelle, she said she was most bothered by seeing the words “act fast” in Mr. Lynn’s email. She told us that it actually reminded her of scam emails she had seen. She looked more critically at the email sent from Mr. Lynn and compared it to other emails they had from Johnson Controls. The email addresses were clearly different. Again, she shared her concerns with Walter and the two of them decided that this order needed a more critical eye. Walter replied to Mr. Lynn’s request to change the address to say they had some questions about putting the order through. Mr. Christopher Lynn actually called Walter and was very assertive saying that Maltz Sales had to ship the order as promised, and that it was “net 30.” (Meaning that he had up to 30 days to pay the bill.)
In the hours that followed Mr. Lynn’s request, Walter and Michelle learned the following from their investigation:
- Walter called Johnson Controls and asked to speak with the Purchasing Department. He asked the person he spoke with to confirm the order that was placed with Maltz Sales. Sometime later he received a call back from the Purchasing Department saying that they had no record of any such order for $12,000 in equipment from Maltz Sales.
- Michelle started looking into Mr. Lynn’s credit references. It turns out they were completely made up and unverifiable.
- Michelle used Google to look up the changed address that Mr. Lynn had requested at the last minute instead of delivering to Fort Worth, Texas division of Johnson Controls. She discovered that it was the former warehouse for a company called Trik Topz, a seller of novelty items like t-shirts, magnets, and buttons. As far as she could tell, the warehouse was now empty because the former business had moved.
Given the information they now had, Michelle and Walter cancelled the order, saving Maltz Sales $12,000! We did some additional investigating and learned the following…
- The Johnson Controls, Inc website was registered in 1995 by Johnson Controls corporate office located in Millwaukee, Wisconsin. The information posted with the Registrar was easily verifiable.
- The domain used by “Mr. Lynn,” johnsoncntrls[.]com was registered through a Canadian proxy service on August 2, 2018, a couple of weeks before contacting Maltz Sales.
- Mr. Lynn’s domain johnsoncntrls[.]com also used a Netsuite portal to deliver his emails. This made it impossible to trace the origin of these emails.
It seems as though someone had quite purposely stolen Christopher Lynn’s identity from LinkedIn, purchased a look-alike domain and tried to perpetrate fraud against Maltz Sales. We strongly suspect this impersonator targeted other businesses as well who may not have been so lucky to have Michelle and Walter on their staff. They are our $12,000 heroes!
Recently, The Daily Scam has been hearing from a few other businesses that are being heavily targeted by scammers. Most recently, someone from a Real Estate firm told us that they are being “hammered” by fraudulent and malicious emails.
For example, one of the firm’s employees named Dawn received this email below from the head of the firm, a woman named Dale. Dale appeared to be sending Dawn an urgent request to purchase ten $100 iTunes gift cards. Except that the email didn’t come from Dale’s real email address. Her name preceded the real “from” address and it wasn’t Dale’s. Fortunately, even Google’s Gmail service recognized that this was an unfamiliar email address.
Paying attention to detail is critical in seeing through fraud and online deception. The Daily Scam is here for you and offers workshops for companies and organizations across the U.S. on the details to notice! Contact Doug at Doug@thedailyscam.com.