Exploited car loan

A colleague sent me a Facebook link, so I thought to share.

A car dealer James Glen Car Sales in Airdrie had a customer who wanted to buy a new car – a £40,000 Porsche.  That customer was based in London. Perhaps that may sound unusual being so far away, but I know a few other people who have purchased cars far away from them.  So, for some of you, this may not sound unusual.

But here’s the thing, the customer said they worked for BB Ltd, but the customer did not want to see the car and only wanted to know what the tyres were like and this is where something does not seem right.

OK, so what happened next?  Well, the dealer received the £40,000 from BBL Ltd to pay for the car.

Did you spot the flaw? 

If not, then just try for a few more seconds before reading on. 

The dealer feeling cautious phoned their bank to check the funds.  The funds were legitimate and could not be withdrawn.

Funds were legitimate, what was the flaw?

The money was transferred from BBL Ltd (not BB Ltd). 

What happened was that the customer asked for an invoice (so had bank details), went online for the dealers date of birth and business address and applied for a bounce back loan in the dealer’s name, for the exact amount of £40,000 to make it look like it was for the car.

The money does belong to the dealership, but actually because the car dealership actually borrowed a loan! The dealer now owns £40,000 to the bank. If the car was sold, the dealer would have lost the car, making it a total of £80,000.

What is a bounce back loan?

Any small business can claim up to £50,000 and (here is where the flaw was exploited) it can be done quickly and easily. Fill out the form with your details and the money can be sent to your account quickly.

What happened to the customer?

The customer was going to send proof the customer actually sent the money, but they never did.

The original car video here on Facebook:  https://www.facebook.com/watch/live/?v=768150723925568&ref=watch_permalink

Lessons learned

The reason for my post is sometimes in our security world there are little things businesses can check to see if things are false. This especially applies to fake emails wanting you to click on those malicious links.  Things to watch out for include:

  • Small things such as spelling mistakes.
  • The domain name does not look right.
  • Unusual behaviour.

If you have not read so far, I’d encourage you to read my article to help you help prevent malware infections:   https://michaelhopewell.co.uk/covid-19-and-malware-infections/

Hope that helps and remember…

“Doing security is not a compromise.”

Until next time.

#cyberattack, #cybersecurity, #dataprotection, #datasecurity, #datasecuritybreach, #gdpr, #gdprcompliance, #informationsecurity, #infosec, #pcidss, #personaldata, #security, #Covid19, #bouncebackloan

Leave a Reply

Your email address will not be published. Required fields are marked *

two × five =