A client recently sent me an email asking about a blank form he received in the mail. It was a MA-W Notice of Withdrawal form (it is a form for withdrawing registration as a municipal advisor). It was sent without any cover letter or explanation. Since he isn’t registered as a municipal advisor, I told him not to do anything with the form. However…it was all part of a very sophisticated attempt to defraud him.
I’m telling you all the details so that you can be on the lookout for something similar. The form arrived via USPS Priority Mail in a Flat Rate Mailing Envelope. Don’t accept this delivery, if you have an opportunity to do so. More than likely it will be left in your mailbox. The envelope was sent to the client’s home address with a legitimate tracking number from William Waters of Denison TX.
The day after he received the envelope he received an email from PayPal with details of his shipment (which he didn’t pay much attention to as he thought it was spam or a spoof).
The following day he was reconciling his financial information and noticed a strange charge of $577 to his American Express (AMEX) card. He call AMEX to report the strange charge. He was told that any investigation would have to come from AMEX’s back office and PayPay, but this can take up to 30 days.
He began to dig to see how this happened. In doing so he noticed an email from Waterilliam (very similar to the weird form that had been mailed from William Waters (the blank MA-W Notice of Withdrawal form).
He checked the USPS tracking number from the envelope. The envelope originated in Flint MI. Once USPS sends notification of the delivery, the thieves show proof of delivery to PayPal and his AMEX is charged.
This is a sophisticated hacking incident where they are hiding behind PayPal. At this point, my client isn’t clear as to how he was targeted. He is thinking it could be a result of the Marriott data breach as this was the most recent AMEX purchase.
Suggestion – do NOT use the same password for anything. I know that I have had a tendency in the past to use the same one for things that don’t seem to be a security issue…like say a hotel rewards card. Use a password manager and review it for any duplicates…then change them.
Lastly, be on the alert for any emails from PayPal. Review them before deleting to be sure they aren’t about a shipment coming your way.