Scammers are targeting some of London's biggest tech startups with a 'sophisticated' email trick
Business Insider understands that around 10 well-funded London startups have been targeted, although there is no evidence that any of the companies have actually fallen for the scam. Screenshots and copies of the scam emails are currently being circulated around tech mailing lists in London, but the scam's existence isn't yet widely known.
This isn't simple email spam. The scammers have taken the time to purchase domains which are the same as the targeted startup's website but with one letter changed.
Alicia Navarro, CEO of Skimlinks, told Business Insider that her company had been targeted. She said that Skimlinks spotted the email, and immediately recognised it as fake, so there was no risk to the company.
Here's an example of one of the emails that was sent to a London startup. Business Insider has blurred out the names and email addresses of the people mentioned in the email:
The scammers have researched the startups, and use the names of CEOs, financial controllers and other executives to make the emails appear legitimate.
Pratik Sampat is the CEO of accounting firm iHorizon, which works with many London tech startups. He told Business Insider that he was aware of many different companies in the London technology startup scene that had been affected by the "sophisticated" scheme. He said that he was not aware of any startups that had fallen for the scam.
Here's an extract from an email about the scam sent by iHorizon to its mailing list:
This is one example we're familiar with, but there have been a number of similar scams hitting startups all over. A London-based company have told us that they were almost caught out when their Financial Controller recently received an email, supposedly from their CFO, asking to pay an invoice. The email also contained a fake forwarded message from the Founder, also asking for it to be paid.
The scammers purchased a domain name very similar to the company's URL, so at a quick glance it would look as if the email had come internally. They then set up a fake email address for the CFO. They did their homework and found out the Founder's name, CFO's name and Financial Controller's name, so the email chain looked legitimate. This company spotted the discrepancy in time, but we're warning all startups to be vigilant.