Scammed through spam

Most everyone with an email account knows the dangers of international money wiring scams. It’s Intro to the Internet 101. When you receive a message from a Nigerian prince asking you to transfer large sums of money into a foreign bank account, you just delete them. Plain and simple.

With all the recent emphasis on cybersecurity in the finance world, the last person you would expect to fall for such a scheme would be a finance professional.

But that’s what happened to Keith McMurtry, senior controller at The Scoular Company. When McMurtry received emails requesting that he wire millions of dollars to a bank in China, he fell for it. Not once, not twice, but three times – sending a total of $17.2 million before the swindlers were caught.

The emails purported to be from Scoular CEO Chuck Elsea. The only hitch? They did not come from Elsea’s email address. Scoular has since fired McMurtry and tightened up internal systems and controls.

And, in ironic twist in the SEC’s current cybersecurity crackdown, the scammers used the regulator as a key character in their tale. “This is very sensitive, so please only communicate with me through this email, in order for us not to infringe SEC regulations,” said the party pretending to be Elsea, according to reports. How clever.