The Jewelers’ Security Alliance is warning the industry of a new seemingly sophisticated con in which jewelry companies are asked to send payments meant for vendors to fraudulent bank accounts.
The New York City–based security group says that it’s received two reports in the last month in which jewelry companies received startlingly on-target communications from vendors informing them of changes in their bank accounts. But when the principals checked with the vendors, they found the vendors had nothing to do with them.
In the first instance, a diamond company received an email from a vendor’s standard address specifying a new bank account to send wire transfers. Since it was a bank holiday, the manufacturer didn’t sent any payments, and when a company principal talked to the company the next day he found the company never sent the message.
In the second, a jewelry manufacturer received a letter from a vendor on company letterhead, advising payments should be sent to a new “brother company account in the USA.” The obscurity of the bank made the manufacturer suspicious—rightly so, as the message was a clever fake.
In both cases, the companies escaped losses. But JSA president John Kennedy says what was most notable about the attempted fraud was how convincing both the letter and the email were.
“The paperwork was perfect,” he says. “Someone must have gotten hold of the format and signature of the company they pretended to be.”
Kennedy says he has no idea if the two attempts were connected, but notes that they occurred quite close together and involved different communication methods.
The lesson, he concludes, is to double-check such requests with your vendors.
“Whether it’s sending product or sending money, if someone says send it to a different place, make sure it’s the right place,” he says.
But don’t double-check through email, he warns, as that can be—and in one of the instances above, likely was—hacked.
“Make sure you speak to someone you trust at the company,” Kennedy says.