Yesterday, we were targeted by what is known as ‘CEO fraud‘ and we wanted to warn customers of potential further phishing attempts.
In a well researched series of e-mails, the right person on our team was apparently instructed by our CEO Simon to wire funds. There were numerous co-incidences such as him being out of the office at the time.
It was only diligence that caused alarm and on closer inspection it was clear the fraudster had registered simvvood.com (note the double v, less obvious in other fonts) and was e-mailing from there. They had not only gone to the trouble of setting up a very similar looking domain name, but also of creating the correct e-mail users within it, and mailing the right person with their right name.
After further discussion, full bank details (in the UK) were obtained and lots of background information gathered. This was referred to the NFIB.
We have now also obtained the simvvood.com domain to prevent a re-occurence of this.
The main purpose of this post is to warn customers of this incident and to ensure you are not misled by emails ostensibly coming from Simwood. We will never email you to ask for your passwords, API keys, or any other sensitive information.