They used my own posts to make me trust them

They emailed an invoice that looked like a vendor we actually use, and the subject line referenced my dog's name, my gym, and my boss's first name—all scraped from posts I had treated as harmless.

I had shared stories, location tags, and workplace wins for years. The message asked me to approve an updated wire account "today only" and copied phrasing our CFO uses. I authorised a transfer without a voice callback because the tone felt familiar.

Open-source intelligence is not hacking; it is reading. The scammer built a believable thread from public data and sat in the middle while I thought I was talking to finance. The real vendor never changed their IBAN.

I liked being known online and never priced the downside. Part of me enjoyed looking connected; I did not imagine criminals taking notes.

Our vendor called angry about missed payment while the scammer's inbox still urged "ignore their old email—use this account." Hearing both sides at once exposed the parallel conversation.

Performance review season stung because I had to explain how a "smart" employee moved money on a spoofed thread. Trust at work took longer to repair than the wire dispute.

I locked down LinkedIn, removed kids' and pets' names from public bios, and route finance email through a dedicated address. I wish our company had drilled supplier-change callbacks before this happened.

• Treat public posts as intel for crooks—verify payment changes by phone on a known number.

For more help, see our Report a scam page and Spot and avoid scams guide.