top of page

Fighting Crime: Preventing a $250,000 Fraud a Case Study

  • Writer: Roman Paylian
    Roman Paylian
  • Apr 16
  • 4 min read

The Target: A Trusted Technology Provider

At HelpSquad, our core mission is to simplify technology and empower businesses with robust and reliable IT solutions, built on a foundation of trust and security. As a dedicated technology partner, we understand the ever-present threats in the digital landscape.


However, a recent incident served as a stark reminder that even those dedicated to safeguarding others can become the target of sophisticated and elaborate cybercriminal schemes. This is the account of how HelpSquad was meticulously targeted in an attempt to commit a $250,000 fraud involving a large order of high-value laptops, and how our team’s vigilance and expertise prevented a significant loss.



A person with headphones types on a laptop in a dark room, surrounded by screens displaying code and a webpage. The mood is focused.


The Bait: A Large Order from a Reputable Source

The initial contact, received in February of 2025, appeared to be a promising business opportunity. An email arrived from an individual identifying himself as Marcus Walz, the IT Director of the Packard Foundation, a well-respected non-profit organization based just outside of San Jose, CA. The email signature was a near-perfect replica of the Foundation’s official signature, complete with a matching area code for the listed phone number.


The inquiry outlined a substantial device upgrade initiative planned by the Packard Foundation for the year, with a stated preference for supporting small businesses like HelpSquad over larger suppliers. The specific request was for 168 Lenovo laptops, including a precise model number. "Marcus Walz" conveyed that the project had already secured internal approval and that HelpSquad was being approached due to the previous vendor’s inability to meet their expedited three-week delivery requirement.


Adding a layer of subtle deception was the email’s originating domain: packardfoundation.org. While closely resembling the legitimate packard.org, typing the former into a browser would seamlessly redirect the user to the actual Packard Foundation website. This seemingly minor detail was a carefully crafted element of the fraud.


Navigating Suspicion: Initial Unease and Probing Questions

Despite the veneer of legitimacy, the scale and urgency of the unsolicited order from an unfamiliar entity triggered an immediate sense of caution within the HelpSquad team. A $250,000 hardware request, coupled with a tight delivery timeframe, felt unusual for a first-time engagement with a non-profit organization of this stature.


Driven by this unease, the HelpSquad sales team proceeded cautiously, securing quotes from their suppliers for the requested laptops. Simultaneously, they engaged with the purported "Marcus Walz," posing clarifying questions about the order’s specifics and the Packard Foundation’s needs. The responses received were prompt, professional, and seemingly addressed all concerns, further obscuring the underlying deception.


Adhering to standard protocol for substantial initial orders, HelpSquad informed "Marcus Walz" of the requirement for a 50% deposit to secure the devices, along with official documentation verifying the Packard Foundation’s tax-exempt status. To the team’s surprise, "Marcus Walz" readily agreed to these terms, stating that the deposit would be processed promptly and the necessary documentation provided. This unexpected compliance, while seemingly positive, did little to fully alleviate the lingering doubts.


The Human Factor and Digital Discrepancies: Unraveling the Ruse

Seeking further validation, the HelpSquad sales manager requested a direct phone conversation with "Marcus Walz" to discuss the quote and next steps. While this call was being scheduled, the technical support team took proactive measures to independently verify the identity of the supposed IT Director. Cross-referencing the name with the official Packard Foundation website (packard.org), they located a photograph and contact information for the real Marcus Walz. Attempts to reach him via the listed phone number, however, were met with unanswered voicemails.


The subsequent phone conversation with "Marcus Walz" introduced a critical human element that heightened suspicion. The caller, while articulate, spoke with a noticeable South African or Indian accent, a stark contrast to what would be expected from someone with a German surname who claimed to have lived in the United States since childhood. When questioned about the origin of his accent, the explanation provided by the caller was unconvincing and inconsistent with the linguistic cues.


While the sales manager engaged in this revealing phone call, the technical team’s digital investigation yielded irrefutable evidence of the fraud. By conducting a WHOIS lookup on both the fraudulent domain (packardfoundation.org) and the legitimate one (packard.org), they uncovered a significant discrepancy. The legitimate domain was registered to the Packard Organization in California, as expected. However, packardfoundation.org was registered to an identity-protected entity in New Zealand.


The fraudsters’ strategy became chillingly clear. By registering a deceptively similar domain and implementing a simple redirect to the genuine Packard Foundation website, they had created a near-perfect digital identity. Anyone casually inspecting the email address or even typing the domain would likely be fooled.


The inconsistencies in the phone conversation, coupled with the definitive proof of the fraudulent domain registration, left HelpSquad with no doubt: they were the target of a sophisticated and meticulously planned fraud attempt. Within hours of the call, after HelpSquad reiterated the request for the deposit, ID, and tax-exempt certificate, the fraudulent packardfoundation.org website was taken offline.


Despite numerous attempts, HelpSquad never received a response from the real Marcus Walz at the Packard Foundation.



The Aftermath

In the days after the incident, industry colleagues and partners, confirmed similar fraudulent attempts, using different company information and names, but all with the goal of acquiring hardware for shipment to a fraudster controlled address.


The attempted $250,000 fraud served as a powerful, albeit unwelcome, reminder for HelpSquad. It highlighted the increasing sophistication of cybercriminals and the critical need for constant vigilance and robust verification processes, even if your "too small" for cybercriminals.


By sharing this experience, HelpSquad aims to educate other businesses about the potential threats and the importance of proactive security measures. While we were the target this time, our layered defenses and the keen instincts of our team prevented a substantial loss, reinforcing our commitment to security – not just for our clients, but for our own operations as well.



 
 
bottom of page