Earlier this summer, Ottawa lawyer Lee Mullowney of Mullowney’s Law was the target of a phishing scam. Two fraudsters, reportedly from the Greater Toronto Area, attempted to defraud the firm out of hundreds of thousands of dollars as part of a loan default scam. Mullowney was wise to the scheme and decided to have some fun with the fraudsters. Mullowney recorded his conversation with the alleged lender Mr. Thomas W. Moss and posted a recording of the conversation on YouTube.
What is Phishing?
Phishing is a malicious attempt to acquire sensitive information from an unsuspecting party. For example, a fraudster may acquire your bank account login information by sending an email that appears to come from your bank. A fraudster may obtain your credit card number by claiming to be a friend abroad in need of help. These schemes are usually committed by email, especially these days, but may also occur by telephone, direct messaging, and other means of communication. Phishers target ordinary people and businesses to extract sensitive information or money from the victim.
In this instance, two gentlemen purporting to be in a dispute over a loan. The lender contacted Mullowney’s Law Firm in Ottawa seeking to recover $450,000 he loaned to a friend. The case seemed like a simple loan default recovery on the surface… especially since the borrower was so cooperative and contacted the firm as well offering to repay the borrowed funds. Mullowney was offered a handsome retainer for this simple task. Easy does it, right? When it sounds too good to be true…What made the case more suspicious was that the lender and borrower used throwaway email addresses to communicate with the lawyer.
Here’s what they were planning on doing, as explained by Lee Mullowney: “The catch is that the firm must accept a foreign cheque from the borrower and, as said cheque is processing (i.e., bouncing) in some far away place, the firm has paid out the settlement funds to the lender/client, whereupon the money is lost.”
Mullowney could recognize the scheme from a mile away, but he decided to have a little fun with it rather than swat these fraudsters away like the gnats they are. Lee Mullowney called the alleged borrower on his lunch hour to discuss their earlier email conversation. We’ve got a transcript of the conversation below, or you can listen to the video:
Mullowney: I’m just calling about this debt collection matter. I sent you an email yesterday, I haven’t heard back from you.
Moss: Ok yeah, I have it [unintelligible] the email. I’ll go in and read it and respond.
Mullowney: OK. I just wanted to let you know that I was contacted by Mr. Doyle.
Mullowney: I was contacted by Mr. Doyle.
Mullowney: Yesterday he sent me an email, I forwarded it to you.
Moss: I’ll have to go in and check my email…what is the reason of contact?
Mullowney: He indicates that he is willing to repay you the funds that you loaned to him. You may recall you sent me two copies of cheques. One was a cashier’s cheque I believe, drawn on the Bank of the Ozarks. Those funds you are claiming that you loaned to him. Of course, there’s another cheque which was for a lesser amount where you indicate that he has repaid you at least in part.
Mullowney: OK, so he’s now, according to his email, he’s willing to make good on the loan. I’m not sure why you would need a lawyer to act as a go-between if you two are apparently on speaking terms and it appears he’s willing to make –
Moss: I mean, I, I, I, I, like I said, I’ve always been calling him and [unintelligible] and he hasn’t been able to give me any good responses. Last time we spoke I let him know that I was getting and lawyer and he’d hear from my lawyer very soon. So I’m surprised that he went ahead to even contact you.
Mullowney: Right, no, you sent me these two cashier’s cheques yesterday. Do you still have those in your possession, those two cashier’s cheques?
Mullowney: OK. Where are they now?
Moss: Already been cashed at the bank, so I’m not supposed to have access to that. I believe I can get that from the bank, so do you want a copy from the bank?
Mullowney: Yeah, well interestingly I contacted the bank about this cashier’s cheque. I contact the Bank of the Ozarks, their head office today.
Moss: Is it the Bank of the Ozarks?
Mullowney: And I provided them with a copy of the cashier’s cheque and their head office tells me this cashier’s cheque was not issued by the Bank of the Ozarks.
Moss: Which branch did you contact?
Mullowney: I contacted their head office.
Moss: OK and they told you what?
Mullowney: That this cheque is fraudulent.
Moss: [long pause] You didn’t provide him our number with that?
Mullowney: Well this is a cashier’s cheque. So-
Moss: I mean I have an account with them. Did you provide a name and [unintelligible] Mullowney: Well I showed them the cheque.
Mullowney: And they said no such cheque has ever been issued by the Bank of the Ozarks, it’s never been cashed, they have no records whatsoever.
Moss: OK, that’s some mix-up there. What I’ll have to do first off is I’ll go through your email and I’ll respond appropriately. Meanwhile I’ll definitely have to give a call to them myself.
Mullowney: Right. I also noticed that these two cheques that you’ve sent me were both photographed on the same piece of paper, the same background. And I look at the metadata for each of these photographs and both of these photographs were taken yesterday.
Moss: [long pause] Sorry, I’m not following at this point.
Mullowney: The metadata. If I look at the code. These are digital images that have code. If you look at the code, the meta data – hello?
Moss: Hello? I’m right here.
Mullowney: If you look at the metadata for these photographs, it appears that both of these photographs were taken at the same time at the same place, which was yesterday. But you told me that you don’t have these cheques in your possession.
Moss: Alright, your metadata must not be correct, then.
Mullowney: So the bank is wrong and the metadata is wrong. Is that what you’re telling me?
Protect Yourself Against Phishing Scams
To avoid falling for a similar scam, you need to be vigilant. Here are few tips from around the web on how to keep your sensitive information safe:
- Always be suspicious with your email. Do not open spam email, and always be cautious with emails that request personal information. Remember, trustworthy sources will not ask for your password or credit card number via email.
- Never click links, download files, or open attachments from unknown senders.
- Do not communicate sensitive or financial information via email.
- Be suspicious if an email ask for any personal information. Phishing sites often spoof the look of legitimate websites, so be careful.
- Do not enter any information or click any links on a popup screen.
And always remember – if it sounds too good to be true, it probably is!