I am sharing this email dialog of a recent phishing scam with the hopes of raising your awareness on how sophisticated online scams are becoming and how much work and detail scammers will put into a online scam. The emails I share here are real and un-edited. This scammer spent time researching our company and key employees. He was trying to get us to transfer $23,460 to a "Client" by the end of business.

1st Contact - Subject Line "Urgent Request"

screenshot of scammer email

It's important to note that Nick sits right next to me and when this email came in he was on the phone. I didn't think twice about answering his email and at this point I didn't realize it wasn't really him but as you can see in the email above, when I hit reply it went to a strange email address.


At this point Nick was off the phone and I recognized that the reply address was not his. Not to mention we typically don't send large amounts of money to our clients so we decided to have a little fun with this guy and see how far we could push him. First we thought we would try and get him to fill out a W9 Form. Now the email subject switched to "Bank Wire Instructions"

Bank Wire

We insisted on the W9 and I also thought I would sell the fact that I though I was talking to the real Nick by asking about his time sheet and expense report:

More Scamming

The next email contained a completed W9 Form. He even did the research to find a manufacturing company that looked like they would be a good customer for us that wasn't to far from our offices. With the completed W9 in hand we decided to see if we could get him to jump through some more hoops so we found a complex 3 page wire transfer request form online and sent that to him:

Transfer Form

He filled out the wire transfer form and so we thought we would push him to cover the cost of the wire transfer. We even went as far as to send him a request through Paypal to the real address he was using to communicate with us.

More Requests

Now we thought we would really see how far we could push this guy and we started googleing "Complex forms" and we found a generic 2 page form that had something to do with a government grant request for release of construction costs. We called it the TPS report. That should ring a bell with you Office Space fans. We also kept hammering him on the paypal payment he needed to make.

Now We Have Him

To our surprise he did a great job on the TPS report. Especially considering he was on an iPhone in a meeting.

Much To His Surprise
Reverse Scammed

Much to our surprise we received a Paypal transfer to our account for the $80 fee from Subhash Bhatia. We decided we had spent way to much time on this and REFUNDED the money with the note on the bottom.

Lesson Learned Finale

One of the biggest threats to your companies security today isn't from hackers exploiting software or breaking code but rather from employees giving out information or passwords in response to scam emails or downloading malware in response to a email that looks like it came from a friend or colleague. Below is a great video from Johnson Bank on how to protect yourself. Please share this with your employees and friends:

What are my next Steps?

SEO For Businesses Website Development Conversion Rate Optimization Marketing Automation Digital Success Stories