I want to take a moment to let you know about a scam that was tried on one of our customers recently. The scam came in the form of an invoice they received via postal mail. The invoice purported to be from a company out of Washington state, and was ostensibly for an annual renewal of some DNS failover services, at the moderate price of $65.00.
The invoice contained our customer’s business name, address, domain name, current DNS servers, and current e-mail server. It looked very professional and contained enough technical information to be very convincing.
The thing is, all of this information is publicly available as part of the world-wide Domain Name System (DNS). It has to be for the Internet to function, which makes it easy to harvest through automated means.
Even if you go through the trouble of keeping your domain registration private, it’s a trivial and inexpensive matter to farm out the work of finding physical addresses from Web sites to a service such as Amazon’s Mechanical Turk.
You’re probably wondering if there’s a way to keep your company safe from this type of scam. Well, you can’t stop people from trying. Scammers gonna scam, as they say. What you can do, though, is keep good records of your vendors, and make sure that your accounts payable (AP) people know that any invoice from a company that’s not on the list needs to be checked out thoroughly before being paid.
Another good idea is to partner with an IT support company that keeps track of your other technology vendors. In this case, I was able to quickly determine that this invoice was not from a vendor we have listed for our customer. This time, we saved them $65.00, but next time, it could be a lot more.
How does your company keep unnecessary bills from being paid? Leave a comment below.