Fraud - a bit strange


ikarl

Original Poster:

3,730 posts

199 months

Monday 6th July 2015
Guys, this is all third hand but would be interested in your thoughts on this..

My friend at work this morning was telling me about her sister who was 'defrauded' out of £10k on Friday;

1) She has been getting some building work done on her home
2) Thursday afternoon the builder emailed her and asked for £10k, split over 2 accounts (some money for the builder, some for the roofer) - this was legit
3) She was unable to make the transfer on Thursday, so planned to do it first thing on Friday morning
4) Friday morning she had received another email from the builder this time asking for the full £10k to be sent to a different account - this was dodgy - the builder's email account had been hacked
5) She spoke to the builder Friday afternoon and during their discussion it came up and they realised something was wrong
6) Builder checked his email account and had received notification that it had been hacked
7) She called her bank who couldn't do much about it, the money had left
8) The receiving bank couldn't do much about it due to no Police report
9) The Police said that there was no one available in the fraud dept to investigate
10) The couple who paid the £10k went to a high street branch of the receiving account and demanded they investigate, police were called and took details at the branch - now investigating

So, I guess the question is, is the money gone completely? From my understanding the person doesn't have another 'spare' £10k to pay the builder

BertBert

19,025 posts

211 months

Monday 6th July 2015
ikarl said:
6) Builder checked his email account and had received notification that it had been hacked
I'm wondering what this means. What sort of notification do you get that your email account has been hacked?

How will the fraud hang together? When plod investigate, surely the destination account will be a dead giveaway?

Bert



ikarl

Original Poster:

3,730 posts

199 months

Monday 6th July 2015
I'm not sure Bert, though I have had something similar in the past with my Yahoo account. I received an email to a back-up account advising me that they (Yahoo) thought something suspicious had happened to my email account. They subsequently froze it until I answered security questions.

Bigyoke

152 posts

132 months

Monday 6th July 2015
This is a very common form of mandate fraud and unless your friend's bank acted very quickly the money is probably gone. The beneficiary account will be a mule account belonging either to some poor sap who thinks he's found the love of his life/won the Thai lottery/been befriended by a Nigerian prince or to a foreign student who has fecked off back home and sold their account details on for a few quid. If it hasn't been done already, shortly the money will be withdrawn in cash and wired abroad.

There is a remote chance the other bank will have frozen the beneficiary account if they accept the transaction was fraudulent but they probably won't confirm that to your friends for some time.

ikarl

Original Poster:

3,730 posts

199 months

Monday 6th July 2015
yup, pretty much as I thought tbh.

Which raises the question, does anybody have any ideas how the bill will be settled? Is the client still wholly responsible for the £10k? or is the builder in some way liable for 'allowing' his account to be hacked?


*allowing* I know he didn't actually allow the attack, but should his password have been a little more secure

speedking31

3,556 posts

136 months

Monday 6th July 2015
ikarl said:
*allowing* I know he didn't actually allow the attack, but should his password have been a little more secure
How do you know? What's to stop his ex-wife using the account? Or a friend of his setting up an account that the money is then 'accidentally' directed to?

ikarl

Original Poster:

3,730 posts

199 months

Monday 6th July 2015
speedking31 said:
How do you know? What's to stop his ex-wife using the account? Or a friend of his setting up an account that the money is then 'accidentally' directed to?
yup, very good point and something that hadn't even crossed my mind

JustinP1

13,330 posts

230 months

Monday 6th July 2015
ikarl said:
speedking31 said:
How do you know? What's to stop his ex-wife using the account? Or a friend of his setting up an account that the money is then 'accidentally' directed to?
yup, very good point and something that hadn't even crossed my mind
Or, him 'hacking' his own account?

EskimoArapaho

5,135 posts

135 months

Monday 6th July 2015
I know this is very, very boring, but whenever sending significant payments to a new payee, please, please:
1) send a notional test payment to the account details he's given
2) don't tell the seller how much you're sending
3) ask the payee to confirm the amount that arrived
4) only if/when he does, send the outstanding balance to the same details

Can't imagine how this occasion will be settled, but banks seem to be toughening up on such mistakes (see today's 'vishing' stats). So I suspect someone's losing out.

btcc123

1,243 posts

147 months

Monday 6th July 2015
What ever happened to cash in hand.

Vaud

50,423 posts

155 months

Monday 6th July 2015
btcc123 said:
What ever happened to cash in hand.
10k? Banks then start asking questions when paying it in?

Rude-boy

22,227 posts

233 months

Monday 6th July 2015
btcc123 said:
What ever happened to cash in hand.
Too hard to trace and tax, there are more honest trades people about these days than once there was, particularly as anything more than putting a screw in a wall, changing a light fitting or opening a window needs to have BR approval it seems ;)

OP I am not 100% sure of the answer to your question but it is a major issue these days and a large number of solicitors have been targeted (successfully and unsuccessfully) with e-mails sent from hacked accounts 'correcting' previous bank instructions.

Bottom line if someone gives you their bank details by e-mail call them to verify that they are correct. Likewise if they 'change' them - always call and always check.

"Accept, but verify."

ikarl

Original Poster:

3,730 posts

199 months

Monday 6th July 2015
yup, I think they've found out the hardest way possible (for them) as it was a good chunk of their savings and apparently their contingency won't cover it - hopefully they can come to some agreement with the builder

JustinP1

13,330 posts

230 months

Monday 6th July 2015
ikarl said:
yup, I think they've found out the hardest way possible (for them) as it was a good chunk of their savings and apparently their contingency won't cover it - hopefully they can come to some agreement with the builder
One of two things has happened:

1) The builder has just this minute discovered that his email has been hacked, and is victim of a pretty sophisticated scam as it would need constant monitoring of the account 'just in case' he gives out bank details.

2) The builder is dodgy, and is in on the fraud.

Before I worked with the builder, I would want to make absolutely certain that it is not 2).

V8LM

5,173 posts

209 months

Monday 6th July 2015
or

3) The sister transferred the money to another account under her control and then made the story up to the builder.



(and no, I don't really believe this happened).

JustinP1

13,330 posts

230 months

Monday 6th July 2015
V8LM said:
or

3) The sister transferred the money to another account under her control and then made the story up to the builder.



(and no, I don't really believe this happened).
A few years ago, against my better judgment we did some work for a private individual, not a company. Just under £1000 of work.

At the end, we were sent a cheque that bounced. Alarm bells rang, we were told everything's fine, try again. 'Yeah right...' we think, clearly you've not got the money in your account. So, we re-present the cheque, and it gets bounced again, this time it's sent back to their bank.

They make excuses, apologise, and send another cheque, which clears fine.

A month later, we get a letter from the client's partner, warning that if we do not refund them one of their cheques, that they will take legal action against us. Of course, only the second one cleared, we tell them this, and tell them to take it up with their bank, and tell them legal action will be defended because their statement is incorrect.

All in all, absolutely bizarre, because of course you know if a cheque has cleared, because you check your statement and the money is gone. Or, if there's an issue you take it up with your bank.

The only logical solution that we came up with was that one or other of the man/wife was lying to the other one about the whereabouts of the money, and why the cheque bounced, and blamed us, hence the threat of legal action from the other... :)

Often strange things have strange reasons why they've occurred!

EskimoArapaho

5,135 posts

135 months

Monday 6th July 2015
JustinP1 said:
victim of a pretty sophisticated scam as it would need constant monitoring of the account 'just in case' he gives out bank details.
Not really. It could be a man-in-the-middle attack. For example, if the builder used his email at a 'free Wi-Fi' spot in a busy public place (where the free Wi-Fi is actually provided by a scammer* hoovering up as many logins as possible). Then, there's no 'just in case' coincidence involved.

* It's very easy; the scammer just sets up a likely sounding SSID and waits for freeloading surfers to discover it and use it. This is my favourite illustrative diagram, due to the stripey shirt and gloves:


ging84

8,885 posts

146 months

Monday 6th July 2015
I wonder who is the victim here

By the sounds of it the work is all done, the couple who paid have correspondence which appears to be from the builder requesting payment into a certain account, and they can demonstrate they have made payment to that account.
So if the builder were to take them to court for not paying and they say they have, who is likely to win?
Does it make any difference if the builder is able to prove he did not send the email?

Bigyoke

152 posts

132 months

Monday 6th July 2015
It's highly improbable that the builder is in any way involved; these frauds are carried out by well organised and well resourced criminal gangs. Most businesses will have a regular flow of email traffic, sending out & receiving invoices etc so they only need to monitor the hacked accounts for a few days at most before a large enough transaction will appear. They jump in then, get the payment diverted and Bob's yer uncle. I know of firms that have lost hundreds of thousands in one hit.

The victims in this case are primarily the OP's friends, the false rep was made to them and they have, probably, lost their money. The builder, or maybe even the bank if they refund the money, could also be treated as victims as they would have suffered/been exposed to a loss but it's more of a stretch for them.

hairyben

8,516 posts

183 months

Monday 6th July 2015
Bigyoke said:
This is a very common form of mandate fraud
Is it indeed? I've not heard of it before now and it's something that should concern me (tradie); sounds quite insidious, as I guess it'd involve biding one's time after hacking the account for the right opportunity to present itself.