Here at Wave we take security very seriously. That's why we wanted to let you know about a new scam targeting web designers and other merchants. The scam has nothing to do with Wave directly, but we thought it was worth sharing the information to help you avoid being caught.
We first noticed this scam hitting web designers, but have since heard of instances hitting a variety of businesses.
The scam: An inquiry asking if you accept credit cards before discussing any project details. This will be followed by a request for work on a rushed timeline. The prospective customer will easily agree to terms and a budget. They'll offer to place a large deposit and then ask if they can transfer funds to you that are destined for a third party, maybe even a little extra for you to keep as a gift. Once you agree to the project, this new customer will want to pay you with a credit card very quickly. After you transfer funds to the third party the original credit card payment will be charged back to you and all contact will be lost with the scammer.
Details of the scam
Here's a real world example received by real Wave customers:
"i have small scale business which i want to turn into
large scale business now it located in XYZ and the company
is based on ... so i need a best of the best layout design
for it. Can you handle that for me ?. so i need you to
check out this site but i need something more perfect
than this if its possible .http://www._______.com....
the site would only be informational, so i need you to
give me an estimate based on the site i gave you to check
out, the estimate should include ...and i have a private
project consultant, he has the text content and the
logos for the site."
The customer often suggests a large deposit on the project, but insists on a rushed timeline. They do this because they'll be paying you with a stolen credit card, and want to complete the scam before the card is reported as stolen or the unauthorized transaction is detected by the true owner of the credit card.
The prospective customer will claim they are ready to make a payment with a credit card so that work can begin immediately… but first, they ask you for a favor. This is where they involve a third party “service” (such as a graphic designer, delivery service, or supplier) who's meant to help with the project. The third party wants upfront payment before they can provide something critical to you, such as a logo. There’s usually a bonus attached to this favor — additional funds to pay the third party and then a bit extra for you, as a gift! (How nice!) It usually goes something like this:
"...I will need a small favor from you for this to begin.
I will send you my credit card to charge for the sum
of $5000 plus any fees. You will then deduct $2,500
as deposit for the design of the website plus an
extra $200 as a bonus for helping me. Then, you
will send the remaining $2300 to the graphic designer
that has the logo for my website. ...You won't send
the funds until after the money clears into your
account, ...get back to me so we can proceed with
the payment immediately."
The prospective client will provide a reason why the third party can't accept the payment directly. This could range from them not being set up to accept credit cards to them being tied up with a family emergency. Once you process the credit card payment and receive the funds, the fraudsters will be asking you to quickly deliver the funds to the third party (usually by wire transfer). Now you can get to work on the project. Unfortunately, you will now likely be looking at a loss, when the true holder of the credit card disputes the charge and you receive a chargeback.
Never experienced something like this before? Great! Be sure to keep an eye out and look for these telltale signs that you may be dealing with a fraudster.
- New customers contact you via text and ask if you accept credit cards
- Emails from domains like outlook.com & fastmail.com
- Being asked to pay a third party by wire transfer or Western Union.
- Poor grammar and spelling mistakes in communications.
- Failed payment attempts by the customer who then asks you to process for them
Does the situation described look familiar? If you have any concerns or questions about a recent payment or interaction with a customer, you can always reach out to our team at firstname.lastname@example.org. We can review your account and your payments with you.
Brian Masson Information Security Officer