They need to file a police report, and get in touch with their bank. It's likely the money has already been transferred to a different bank, but the corresponding bank might still be able to freeze the account if it is still sitting there.
Then again, it might be transferred again as well. Money is hard to trace if it moves through different jurisdictions, as every country has different banking and privacy laws. Your client might very well hit a dead end for such a (in the grand scheme of things) small amount of money.
Highly unlikely - but also, a side fact to keep it from happening again. The attack similar to this I had to help address, someone had sent an email to a client, over an Indian shared office space network. That network was found compromised, and man-in-the-middled. Suggest doing business communications like email over VPN (F-secure VPN or simlar) only.
Doesnt mean you were hacked could be an inside job by someone at either organization or could be a hack on the other company's email. If your email provider has any sort of activity log like gmail does you might want to review those, or if you run your own there should be access logs on the server.
Email headers of the fake email I received are below. Can anyone identify anything out it?
-------
Received: (qmail 30963 invoked by uid 30297); 16 Oct 2018 19:04:18 -0000
Received: from unknown (HELO sg2plibsmtp01-1.prod.sin2.secureserver.net) ([182.50.144.11])
(envelope-sender <[email protected]>)
by sg2plsmtp19-01-25.prod.sin2.secureserver.net (qmail-1.03) with SMTP
for <[email protected]>; 16 Oct 2018 19:04:18 -0000
Received: from se1-lax1.servconfig.com ([104.244.124.86])
by bizsmtp with ESMTP
id CUdcgdXtBUMdaCUdegyEaT; Tue, 16 Oct 2018 12:04:18 -0700
Received: from res203.servconfig.com ([192.145.239.44])
by se1-lax1.servconfig.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.89)
(envelope-from <[email protected]>)
id 1gCUdY-0005Jd-Kn; Tue, 16 Oct 2018 15:04:16 -0400
Received: from [::1] (port=46403 helo=res203.servconfig.com)
by res203.servconfig.com with esmtpa (Exim 4.91)
(envelope-from <[email protected]>)
id 1gCUdY-00GWW5-7H; Tue, 16 Oct 2018 12:04:12 -0700
Weird that the domain points to another Pharma company operating from Karachi, Pakistan. Maybe contacting them to find out who "Shahrukh" is might be a good first step.
Looks like it pretty transparently sends all replies to "dr.com". Seems like something our email client should warn us about explicitly, instead of just showing "Reply To: Kyle".
Well you may be able to get their contact details by contacting InMotion Hosting, who runs the web server they sent the mail out of. If you take 'res203.servconfig.com' and stick it in here: https://www.ultratools.com/tools/ipWhoisLookup , you should be able to get their abuse team email. Although this won't get the money back... it will just help you punish the spoofer a bit.
My domain and email provider is GoDaddy. Unfortunately, they said that they cannot do anything about it but still asked me to send IP email headers to their abuse team.
1: Really huge font of the punchline. I will make it little smaller as my focus is not going to the scrolling text below it.
2: Message is somewhat clear. I am confused whether it is a sales product or a CRM product.
3: It says that convert subscribers into revenue. But doesn't mention "How" anywhere. You need a section of "How it works" somewhere.
4: Can I see a demo implementation somewhere?
I launched a SaaS startup called "SalezTalk" with the same exact strategy. The problem with this strategy is that it assumes that reaching to a customer is an easy thing.
One of the most difficult thing in a SaaS is reaching to a customer in a cost-effective manner. It's common nowadays to have a CAC of $100+. So paid acquisition channels would be impossible if your prices are low.
If you already have a community or a user-base, then probably you can make a few hundred dollars out of it. But if you are starting from scratch, I would rather suggest going for a big idea instead of a smaller one because your marketing efforts in both the case would be almost same.
Posting answers to highly targeted Quora questions is free. Launching on Product Hunt is free. Writing targeted content that ranks on Google takes time, but costs no money. Retargeting ads are cheap.
I agree that if you're trying to build a big business, you need to think hard about how you're going to get customers. But if you're just trying to make a couple hundred a month (as OP asked), it's a completely different ballgame. You just need a tiny sliver of an enormous pie.
I think it came out well.