Man in the Middle

A cautionary note

0

This is a cautionary tale for those of you that hunt internationally and wire large sums of money for deposits, trophy fee pre-payments for after final payments for extras.

In August of 2020 I booked several dangerous-game hunts in Zimbabwe for international clients. My normal procedure has been to issue a written quote along with a deposit wiring instruction PDF by email. Unbeknownst to me, criminals had hacked into my email account and were waiting for just such an opportunity. They intercepted and modified my wiring instructions to divert the funds to a series of fraudulent bank accounts in Texas, and began communicating with my clients out of my email account as if they were me. In some instances, the clients had received my original instructions but were subsequently contacted by the criminals and asked to send the funds to a different account. One of the hunters actually had his account frozen by his bank and flagged as fraudulent. He then attempted to contact me by email, but the scammers intercepted that email and provided him with another set of wiring instructions to a different bank account in Texas. In Europe they call this type of fraud, “ in the Middle”.

At no time was I aware that any of this was occurring, as none of the clients’ messages were coming through. It finally came to light when I contacted two of the clients to inquire as to why I had not received their deposits. Once I became aware that multiple bank wires were missing, I immediately sent out a potential fraud alert to my client base and worked with the clients to try to pull the funds back. By this time, the criminals had surely withdrawn the money and disappeared. Fortunately, one of the client’s bank returned the pilfered funds, but in the other cases, the money had disappeared.

The banks should have never delivered the funds to an account where the recipient’s name was not on the account. But how do I hold someone’s foreign bank account responsible?

I filed an FBI Internet Fraud Complaint and to this date have not heard a word. This type of fraud is rampant, and losses occur each year in the hundreds of billions. There is just so much of it that the investigative agencies are overwhelmed to the point that they just let it roll, as they lack the investigative resources to chase every complaint. It appears they expend more efforts in accumulating that they can report, than they do in trying to catch these criminals.

So how did they gain access to my email account? I will most likely never know. Our inboxes are full of phishing email scams seeking to gain access to our personal information. One wrong click and a virus can get through, or, providing any personal information on a seemingly genuine email request can give them access. I have had to update my security measures and no longer send wiring instructions by email. I now either send a photo of the wiring instructions by phone text or WhatsApp or the clients must pay the deposit with a credit and incur a 3% fee. Most of my domestic clients in the US pay by mailing a check. The US Postal Service is incredibly reliable, and I have never had an issue with mailed deposits.

So how did this all turn out? Although I did nothing wrong and was also defrauded in this scam, the clients were defrauded while doing business with my company. To maintain both my own and my company’s reputations, I had to step up and try to make good with my clients. All the clients moved ahead with the booking of these hunts.

The total sum lost in these scams was $20,000. Only $2,000 dollars was recovered. That is a lot of money, but it could have been worse. Fortunately, the outfitter in Zimbabwe and another outfitter in Africa also stepped up and helped me with compensating the clients.

I share this with the readers of the African Hunting Gazette to help bring you awareness that email is not secure for sending wiring instructions. There are just too many crooks out there looking to steal your money. To help secure your email accounts, use dual factor authentication. Then any new sign-in to your email account will generate a message to your phone that will require a password to gain access. Nothing is 100% foolproof, but this will make it more difficult for the thieves to gain access to your email account.

I hope this helps you avoid falling victim to one of these scams!

John Martins
Discount African Hunts – an Internet-based International booking agency based in Florida, USA. Formed in 2012 and over 1,700 clients in 53 countries.

LEAVE A REPLY