It was a Saturday night, and I was rushing to try and finish off some paperwork, wanting to catch the last half hour of visiting time at my local General Hospital. My Mother has been in there for over two weeks now ...
She is fine and back to her old self again. At 87, she has had a blip. She's a tough one, as I am too. She has beaten cancer, has had two newish knees (in the last 14 or so years) and looks a lot better now. It has also been a stressful two /three weeks besides my Mum as I have also had a scan on my left shoulder and X-ray on the left hip.
The enquiry form listed a bunch of USB Hard disks, ranging from 500GB to 4TB, Apple MacBooks and Microsoft Surfaces. The enquiry was from a 'Procurement Manager' at a well-known Welsh University. Now, under normal circumstances, I would be dubious as hell and not be taken in with such tomfoolery.
However, with Mum on my mind, I made a very quick check on LinkedIn to see if the person really existed. Sure enough, the named person does exist with the title 'Deputy Head of Procurement' for said University.
Being distracted and in a hurry, I replied to the enquiry and as luck would have it, I BCC'd in a business partner of mine so he could see the vast list of goodies that the University wanted to buy (or at least get prices for at this stage). I mean, come on, we are talking at worst a £15K order and at best, £25K. Which salesperson wouldn't get excited?
I closed the laptop feeling smug that I had given a response the same evening. Customer service is one of my key differentiators and I pride myself on it to this day. I have commendations letters from customers dating back to 1991/92, all in a folder at home.
Thankfully, as well as the usual, "thank you for your enquiry and I will get back to you with prices", my reply also contained some of the other business services we offer, including email scanning and cybersecurity services. How ironic.
Anyway, I sent a text to my colleague to ask him to check the web enquiry and my reply. When I got back from the hospital, I saw a text from my colleague saying not to get excited and check out the domain name as he spotted that something was not 'quite right.'
So, doing what I should have done in the first place, using our 30+ years of technology experience and the last 10 years learning the intricacies of cyber-crime and phishing emails and dodgy domain names, I looked again and then kicked myself for not spotting the dodgy domain.
So, what next? Well, apart from kicking myself again, I was seething and foaming at the mouth at such a schoolboy error. Now, the fun starts as I will hunt them down, beware scammers!
The moral of the story is that you should always stop and think, then ask a colleague to give a second opinion on any requests that look too good to be true, and then sit on it for 24 hours. If I can get caught out, with the vast expertise I have and start giving quotes to random enquires by not following my own rules, what chance have non-technical people got?
If an email comes in from your MD, asking you to make an immediate £20K payment and includes a sort code and account number, give him/her a call and double-check. Don't worry that they might shout and just tell you to get on with it as equally, they may thank you for saving the business £20K in a fraudulent payment.
If you feel inspired to find out more then do call me on 07555 807700 or leave a comment below and I'll be in touch as soon as I can.