Discussion
Just wondering what peoples thoughts on this are, as I have no idea.
My brother runs a building company, and 2 weeks ago today he emailed 2 customers their monthly invoice, as a word doc attached to email. BACs details on bottom of invoice
Customer 1 was for £16500 (first invoice for them)
Customer 2 was for £25500 (3 rd invoice for them)
He was going on holiday the next day so asked his business partner to chase them and keep look out for money. By Monday nothing had arrived in the bank so he called Customer 1, to be told, oh we have paid you, brothers business partner says nothing in account yet, to be told, no, we got an email from Dave, my brother, saying we have closed the acc on your invoice, please pay into this new acc, details enclosed, which they did. They then forwarded over a full copy of emails from my brother, ONLY it wasn't my brother, somebody has hacked his email acc, intercepted these emails and sent over their own bank details.
I have seen the emails and you really do think its my brother you are talking to, same email, his proper signature and contact details at bottom of email, very scary stuff.
By chance customer 2 called the office asking was it right that the bank details have been changed.
Brother changed his password using his ipad while on holiday, only to find it had been changed again within 5 mins, so he was unable to access email acc, called AOL and they just didn't give a toss.
Customer 1s bank, Santander are in talks with TSb fraud team which is where the fraud acc is based, at present Customer 1 is £16500 out of pocket, as is my brother. Santander have said some money has been taken out of the TSB account, but would not say how much, and where or how.
So, who is liable,
Customer 1 for sending money to wrong acc
My brother for having his email hacked
AOL for allowing email to be hacked
Or the banks, for, oh I don't know, lets just blame them.
Welcome any views on this.
My brother runs a building company, and 2 weeks ago today he emailed 2 customers their monthly invoice, as a word doc attached to email. BACs details on bottom of invoice
Customer 1 was for £16500 (first invoice for them)
Customer 2 was for £25500 (3 rd invoice for them)
He was going on holiday the next day so asked his business partner to chase them and keep look out for money. By Monday nothing had arrived in the bank so he called Customer 1, to be told, oh we have paid you, brothers business partner says nothing in account yet, to be told, no, we got an email from Dave, my brother, saying we have closed the acc on your invoice, please pay into this new acc, details enclosed, which they did. They then forwarded over a full copy of emails from my brother, ONLY it wasn't my brother, somebody has hacked his email acc, intercepted these emails and sent over their own bank details.
I have seen the emails and you really do think its my brother you are talking to, same email, his proper signature and contact details at bottom of email, very scary stuff.
By chance customer 2 called the office asking was it right that the bank details have been changed.
Brother changed his password using his ipad while on holiday, only to find it had been changed again within 5 mins, so he was unable to access email acc, called AOL and they just didn't give a toss.
Customer 1s bank, Santander are in talks with TSb fraud team which is where the fraud acc is based, at present Customer 1 is £16500 out of pocket, as is my brother. Santander have said some money has been taken out of the TSB account, but would not say how much, and where or how.
So, who is liable,
Customer 1 for sending money to wrong acc
My brother for having his email hacked
AOL for allowing email to be hacked
Or the banks, for, oh I don't know, lets just blame them.
Welcome any views on this.
Quattromaster said:
Just wondering what peoples thoughts on this are, as I have no idea.
My brother runs a building company, and 2 weeks ago today he emailed 2 customers their monthly invoice, as a word doc attached to email. BACs details on bottom of invoice
Customer 1 was for £16500 (first invoice for them)
Customer 2 was for £25500 (3 rd invoice for them)
He was going on holiday the next day so asked his business partner to chase them and keep look out for money. By Monday nothing had arrived in the bank so he called Customer 1, to be told, oh we have paid you, brothers business partner says nothing in account yet, to be told, no, we got an email from Dave, my brother, saying we have closed the acc on your invoice, please pay into this new acc, details enclosed, which they did. They then forwarded over a full copy of emails from my brother, ONLY it wasn't my brother, somebody has hacked his email acc, intercepted these emails and sent over their own bank details.
I have seen the emails and you really do think its my brother you are talking to, same email, his proper signature and contact details at bottom of email, very scary stuff.
By chance customer 2 called the office asking was it right that the bank details have been changed.
Brother changed his password using his ipad while on holiday, only to find it had been changed again within 5 mins, so he was unable to access email acc, called AOL and they just didn't give a toss.
Customer 1s bank, Santander are in talks with TSb fraud team which is where the fraud acc is based, at present Customer 1 is £16500 out of pocket, as is my brother. Santander have said some money has been taken out of the TSB account, but would not say how much, and where or how.
So, who is liable,
Customer 1 for sending money to wrong acc
My brother for having his email hacked
AOL for allowing email to be hacked
Or the banks, for, oh I don't know, lets just blame them.
Welcome any views on this.
Nobody is 'liable' from the description, but you Brother will be the one out of pocket until money is recovered. My brother runs a building company, and 2 weeks ago today he emailed 2 customers their monthly invoice, as a word doc attached to email. BACs details on bottom of invoice
Customer 1 was for £16500 (first invoice for them)
Customer 2 was for £25500 (3 rd invoice for them)
He was going on holiday the next day so asked his business partner to chase them and keep look out for money. By Monday nothing had arrived in the bank so he called Customer 1, to be told, oh we have paid you, brothers business partner says nothing in account yet, to be told, no, we got an email from Dave, my brother, saying we have closed the acc on your invoice, please pay into this new acc, details enclosed, which they did. They then forwarded over a full copy of emails from my brother, ONLY it wasn't my brother, somebody has hacked his email acc, intercepted these emails and sent over their own bank details.
I have seen the emails and you really do think its my brother you are talking to, same email, his proper signature and contact details at bottom of email, very scary stuff.
By chance customer 2 called the office asking was it right that the bank details have been changed.
Brother changed his password using his ipad while on holiday, only to find it had been changed again within 5 mins, so he was unable to access email acc, called AOL and they just didn't give a toss.
Customer 1s bank, Santander are in talks with TSb fraud team which is where the fraud acc is based, at present Customer 1 is £16500 out of pocket, as is my brother. Santander have said some money has been taken out of the TSB account, but would not say how much, and where or how.
So, who is liable,
Customer 1 for sending money to wrong acc
My brother for having his email hacked
AOL for allowing email to be hacked
Or the banks, for, oh I don't know, lets just blame them.
Welcome any views on this.
Customer 1 paid in good faith and had no reason to be suspicious of change of details.
AOL could be liable if you could prove they did something specific to allow access to the account - i.e. resetting the password without performing identity checks.
If it was a case the hacker guessed the password, or the "reset your password" security questions, then the failing there lies with your brother for not using more secure password/information.
Don't rely on the banks to investigate this. Ensure the police are involved.
Finally, given the sums involved, invest in a better email provider - one that uses 2 factor authentication - ideally with a text to registered phone or something similar to reset passwords.
Unfortunately for Customer 1 they still owe your brother, unfortunately for your brother if they can't pay or won't pay he'll have to take them to court.
No-one, not your brother, not AOL allows email to be hacked, that's like saying you allowed you house to be burgled or your car stolen. However Customer 1 may seek to show some form of negligence of defending a civil action, don't think that would fly though.
The banks were only doing as their customer instructed them, so not their fault either.
Customer 2 did exactly the right thing, NEVER change payment details without verifying the change, with a person, first.
No-one, not your brother, not AOL allows email to be hacked, that's like saying you allowed you house to be burgled or your car stolen. However Customer 1 may seek to show some form of negligence of defending a civil action, don't think that would fly though.
The banks were only doing as their customer instructed them, so not their fault either.
Customer 2 did exactly the right thing, NEVER change payment details without verifying the change, with a person, first.
Bigyoke said:
Unfortunately for Customer 1 they still owe your brother, unfortunately for your brother if they can't pay or won't pay he'll have to take them to court.
No-one, not your brother, not AOL allows email to be hacked, that's like saying you allowed you house to be burgled or your car stolen. However Customer 1 may seek to show some form of negligence of defending a civil action, don't think that would fly though.
The banks were only doing as their customer instructed them, so not their fault either.
Customer 2 did exactly the right thing, NEVER change payment details without verifying the change, with a person, first.
I agree. The fake email is a false instrument. It's the customer who has been defrauded and not the builder. No-one, not your brother, not AOL allows email to be hacked, that's like saying you allowed you house to be burgled or your car stolen. However Customer 1 may seek to show some form of negligence of defending a civil action, don't think that would fly though.
The banks were only doing as their customer instructed them, so not their fault either.
Customer 2 did exactly the right thing, NEVER change payment details without verifying the change, with a person, first.
plasticpig said:
I agree. The fake email is a false instrument. It's the customer who has been defrauded and not the builder.
I'm not convinced of that, the customer can demonstrate a paid bill, i asked on the last thread what would happen if that went to court, and none of the masses of lawyers on here saw it, or if they did they weren't prepared to stick there neck out and pick a winner.ging84 said:
I'm not convinced of that, the customer can demonstrate a paid bill, i asked on the last thread what would happen if that went to court, and none of the masses of lawyers on here saw it, or if they did they weren't prepared to stick there neck out and pick a winner.
Nope, the customer can demonstrate that they were duped into paying the money into the wrong account, that does not extinguish the original debt. The bill has not been paid and they are still liable for it.ging84 said:
I'm not convinced of that, the customer can demonstrate a paid bill, i asked on the last thread what would happen if that went to court, and none of the masses of lawyers on here saw it, or if they did they weren't prepared to stick there neck out and pick a winner.
No they can't. They can demonstrate that they transferred cash to a bank account which will not be in the name of the payee. Payee names are irrelevant when it comes to bank transfers and they aren't checked. 
plasticpig said:
No they can't. They can demonstrate that they transferred cash to a bank account which will not be in the name of the payee. Payee names are irrelevant when it comes to bank transfers and they aren't checked.
If company A had paid the wrong account through their own error, then yes they ought to pay the supplier what they owe. But they can demonstrate that they paid the bill to the account specified by the company they were paying.
It would not be reasonable to assume their email account had been hacked.
esxste said:
plasticpig said:
No they can't. They can demonstrate that they transferred cash to a bank account which will not be in the name of the payee. Payee names are irrelevant when it comes to bank transfers and they aren't checked.
If company A had paid the wrong account through their own error, then yes they ought to pay the supplier what they owe. But they can demonstrate that they paid the bill to the account specified by the company they were paying.
It would not be reasonable to assume their email account had been hacked.
esxste said:
If company A had paid the wrong account through their own error, then yes they ought to pay the supplier what they owe.
But they can demonstrate that they paid the bill to the account specified by the company they were paying.
It would not be reasonable to assume their email account had been hacked.
It doesn't matter. The method of communication of the fraudster is irrelevant. If could be by email, letter, fax, text or a phone call. The customer is still liable to pay the debt. But they can demonstrate that they paid the bill to the account specified by the company they were paying.
It would not be reasonable to assume their email account had been hacked.
redddraggon said:
No connection as far as I know, the amount in question was as near as dam it to £16,500Breadvan72 said:
AOL? A business that uses AOL? [Checks date to see if it is 1996. it isn't.] Crikey, no wonder you were scammerhacked.
I wasn't ,my brother was.Sadly, not all of us, me included are clued up on email/internet security. We just presume having anti virus and being careful with what sites we visit and what files we open should be enough. Seems it's not these days.
Do you think that if someone does some work for you your obligation is to pay for the work or just to try to pay for it?
If you have a job and your employer sends your wages to an account that you do not control because your email or accounts have been hacked, do you say to your employer that's ok, you tried to pay, so you owe me nowt?
If you have a job and your employer sends your wages to an account that you do not control because your email or accounts have been hacked, do you say to your employer that's ok, you tried to pay, so you owe me nowt?
They have to be convincing to work.
Let's say your salary gets paid monthly by bank transfer, your email is hacked and a message is sent to payroll amending your bank details. The email is very similar to your genuine one, or maybe even is actually from your own account. Payroll amend the details and your salary is diverted. On payday is your reponse (a) " that's unfortunate but I understand. I'll try & get the money myself" or (b) "That's unfortunate, but not my fault, you owe me a months salary, where's my money?". I suspect it will be (b).
Let's say your salary gets paid monthly by bank transfer, your email is hacked and a message is sent to payroll amending your bank details. The email is very similar to your genuine one, or maybe even is actually from your own account. Payroll amend the details and your salary is diverted. On payday is your reponse (a) " that's unfortunate but I understand. I'll try & get the money myself" or (b) "That's unfortunate, but not my fault, you owe me a months salary, where's my money?". I suspect it will be (b).
Gassing Station | Speed, Plod & the Law | Top of Page | What's New | My Stuff