Who is liable

Quattromaster

Original Poster:

2,908 posts

204 months

Wednesday 22nd July 2015
Just wondering what people's thoughts on this are, as I have no idea.

My brother runs a building company, and 2 weeks ago today he emailed 2 customers their monthly invoice, as a Word doc attached to email. BACS details on bottom of invoice.

Customer 1 was for £16500 (first invoice for them)
Customer 2 was for £25500 (3rd invoice for them)

He was going on holiday the next day so asked his business partner to chase them and keep look out for money. By Monday nothing had arrived in the bank so he called Customer 1, to be told, oh we have paid you, brother's business partner says nothing in account yet, to be told, no, we got an email from Dave, my brother, saying we have closed the acc on your invoice, please pay into this new acc, details enclosed, which they did. They then forwarded over a full copy of emails from my brother, ONLY it wasn't my brother, somebody has hacked his email acc, intercepted these emails and sent over their own bank details.

I have seen the emails and you really do think it's my brother you are talking to, same email, his proper signature and contact details at bottom of email, very scary stuff.

By chance customer 2 called the office asking was it right that the bank details have been changed.

Brother changed his password using his iPad while on holiday, only to find it had been changed again within 5 mins, so he was unable to access email acc, called AOL and they just didn't give a toss.

Customer 1's bank, Santander, are in talks with TSB fraud team which is where the fraud acc is based, at present Customer 1 is £16500 out of pocket, as is my brother. Santander have said some money has been taken out of the TSB account, but would not say how much, and where or how.

So, who is liable?

Customer 1 for sending money to wrong acc
My brother for having his email hacked
AOL for allowing email to be hacked
Or the banks, for, oh I don't know, let's just blame them.

Welcome any views on this.

Quattromaster

Wednesday 22nd July 2015
redddraggon said:
Posted about two weeks ago:

http://www.pistonheads.com/gassing/topic.asp?t=152...

Any connection?
No connection as far as I know, the amount in question was as near as damn it to £16,500

Quattromaster

Wednesday 22nd July 2015
Breadvan72 said:
AOL? A business that uses AOL? [Checks date to see if it is 1996. it isn't.] Crikey, no wonder you were scammerhacked.
I wasn't, my brother was.

Sadly, not all of us, me included, are clued up on email/internet security. We just presume having antivirus and being careful with what sites we visit and what files we open should be enough. Seems it's not these days.

Quattromaster

Friday 24th July 2015
Update..

Following a meeting this am the customer who is £16,500 out of pocket has been told the "scam" account has been frozen, and that some money has been taken out, the bank however will not be telling them how much until a week Tuesday.

Thank you folks for all your pointers, good and bad, I have shown my brother this, and the other thread which we have both read with interest.

I'll be back a week Tuesday to let you all know how much they got away with, place yer bets.

Quattromaster

Saturday 25th July 2015
plasticpig said:
You have made the assumption that he was using unsecured HTTP when there are two viable alternatives. You say he used public wifi. There is nowhere where this is mentioned. The only thing mentioned is that he tried to access his email from abroad. He could be using an iPad with a 3/4g data sim or he could be using a hotel guest WiFi which requires a pass code to connect.

There is nowhere near enough information to jump to the conclusion you do.
Thanks for pointing this out, at no point did I say email had been sent using public wifi.

Original email was sent from office computer, which uses a password-protected router.

He changed his passwords using iPad while on holiday using my mother's password-protected router, she lives overseas and part of my brother's holiday was a few days with her.

Quattromaster

Saturday 25th July 2015
plasticpig said:
I am sure the IT expert will be along to explain how your brother is still negligent.
I look forward to that, as we are both very interested in how we can improve email security.

Quattromaster

Wednesday 5th August 2015
Couple who made the payment were told yesterday by their bank that as the police are now involved it will be at least late October or early Nov before they get money back, if at all.

Massive backlog in looking into this kind of thing it seems.

Quattromaster

Sunday 23rd August 2015
Met the couple who paid the £16,500 into the "fake" account back end of last week, they had popped into my brother's office to say the bank had called them to say all the money will be returned to them in the next 7-10 days, minus the £36 which was all that was removed from account.

So all in all a pretty good result all round.

(And it's taught a fair few people, me included, the importance of internet security)