The significant increase of cyber-crimes has been accelerated by the COVID pandemic, particularly as businesses and government agencies quickly transitioned to remote workforces expanding opportunities for online attacks. Online financial crimes are reportedly up 100% since the pandemic began. If you're a distributor of video magnifiers or supplier of low vision magnifiers, take precautions and stay aware so your business and employees will minimize the risk of exposure to cyber activity. Unfortunately, a Distributor of Hongdee Corporation was recently a victim of an Internet crime.

A Real Story

We were invited in Spring 2020 to participate in a bid request from Eastern Europe for several 7" and 10" portable video magnifiers. We promptly submitted our price quotation. In September, the contractor advised us that we were awarded the bid and the purchase was scheduled for November. The buyer requested our payment information, so we promptly emailed our wire transfer payment details. Also, the buyer shared with us that these low vision aids are intended for visually impaired students at various schools. We waited patiently for a few weeks but then we began to wonder "why no payment and why no communication from this customer". We became increasingly concerned when we attempted without success to contact the buyer via email which had been our only method of communication to date, so we also tried to reach him by phone, on What's App text, via LinkedIn, and Facebook, but still no response. Hmmmm. Now, we began to worry.

A month later, we received a surprise phone call from the buyer. But our surprise quickly turned into shock when he said the payment was sent as scheduled and he had been expecting an email from us about the shipment details. "What?" our team member responded, "Let me check on the payment with our bank". While he waited on the phone, we checked on the wire transfer payment, but our bank did not receive the payment. "Where did you send the payment to?" our team member asked. After he provided the payment details, our team member responded "Oh, no, that's not our bank". Both of us were stunned! Obviously, the customer had become a victim of Internet fraud. The contractor had been scammed. It was an $80,000 Internet theft! We could hardly believe this happened.

So, what could the buyer or Hondee Corporation do now? The buyer reported this Internet crime to the police in his home country, and because of language issues we contacted the police in Beijing on behalf of the buyer. The country Embassy in Beijing was also alerted about this Internet fraud. Unfortunately, it's highly unlikely that any funds will ever be recovered, as is the case with most financial Internet crimes.

Beware of Internet Fraud

So, how did this happen? Internet criminals are constantly observing online traffic. In this case, email communication between the buyer and Hongdee Corporation was intercepted. The criminals viewed a financial transaction about to take place and seized upon the opportunity. They cleverly created camouflaged email addresses by substituting the @hongdee.com email with an @aol.com suffix and revised the payment details to their bank account. The buyer never realized he was no longer in email communication with Hongdee Corporation. To this day, the country of origin of the Internet criminals is still unknown.

A Happy Outcome

The buyer was impressed and appreciated the efforts and support of Hongdee Corporation in cooperating to report the Internet fraud. Hongdee Corporation even offered the supplier an additional discount as a gesture of good will and empathy. Hongdee's sales team retained the buyer's trust throughout the ordeal and the supplier proceeded to reprocess the order and payment. Hongdee Corporation even expedited the delivery to make up for some of the lost time.

Lessons Learned

Train your staff to recognize common tricks of Internet criminals. Verify the email address of the sender. If you notice a change in the email address, then don't remit funds until validating the authenticity of the sender via phone or text message and reaffirm the contents in the email.

Nowadays, especially during COVID-19, many people are working remotely and may occasionally use an alternate or personal email address. If an email address changes from an @company name.com business email address to an @aol, @yahoo, or @gmail address, verify with the sender via phone or text that the alternate email address is authentic. Check the company's phone number on their website to verify it matches the contact information in the email. Never call the phone number in the email without a secondary confirmation. Never verify email addresses via email. Remember, Internet criminals intercept emails and impersonate the company and their staff.

Slow down! Review payment details very carefully. If you have any suspicions about the payment details, contact the company via phone for verification to ensure you're in communication with the company directly.