Couple lose £120k in email scam
Discussion
Efbe said:
shakotan said:
AndStilliRise said:
shakotan said:
People falling for these scams is just tax on the stupid.
I think you will find that it was a complicated scam, not detectable and actually quite smart. Think it would have caught a number of people out. They did call the solicitor, asking for details of bank account to be e-mailed over.
Later that day they received an e-mail from the solicitor with bank account details included.
They just received an e-mail later that day and decided to put 2 and 2 together, neither did they phone the solicitors to confirm the (fake) account details or call them to confirm the transfer was complete.
It is claimed that it was the customers' email which was hacked, not the solicitor's, which doesn't add up. Unless whoever hacked their e-mail also tapped their phones, how would they have even known about the transfer requirement in the first place, unless of course they didn't phone the solicitor, but e-mail them instead.
Therefore I still stand by my original statement.
Efbe said:
actually the wrong way round. The halifax algorithms are pretty damn sophisticated. they look at the movement of the user to track payments, patterns in what is being bought, creating a profile of the customer and what they usually do/don't do.
Correct, they have some clever little rules that pick up indications that someone is about to go abroad, such as a card being used at a shop near an airport, or having bought travel insurance recently, being used at airside shops or transactions for airport parking, that then lowers the risk rating of foreign payments from that account in the near future. You can also tell your bank you're going abroad via most banking apps. Takes 1 min, and no more declined transactions.
shakotan said:
Efbe said:
shakotan said:
AndStilliRise said:
shakotan said:
People falling for these scams is just tax on the stupid.
I think you will find that it was a complicated scam, not detectable and actually quite smart. Think it would have caught a number of people out. They did call the solicitor, asking for details of bank account to be e-mailed over.
Later that day they received an e-mail from the solicitor with bank account details included.
They just received an e-mail later that day and decided to put 2 and 2 together, neither did they phone the solicitors to confirm the (fake) account details or call them to confirm the transfer was complete.
It is claimed that it was the customers' email which was hacked, not the solicitor's, which doesn't add up. Unless whoever hacked their e-mail also tapped their phones, how would they have even known about the transfer requirement in the first place, unless of course they didn't phone the solicitor, but e-mail them instead.
Therefore I still stand by my original statement.
cmaguire said:
Breadvan72 said:
My bank (Co-op) is so useless in its algorithm-driven post stable door anti-fraud measures that it froze my account after I made a fairly chunky payment of income tax using my debit card. The payment was to a legit HMRC account, and I was in a rush as I was travelling and had left the payment to the last day. The bank then had a wobbly and stopped me spending fifteen quid on petrol. The same system routinely blocks my card every time I try to buy car insurance, and intermittently when I use Amazon. I have the same weary conversation every time and get the block lifted.
Both my Santander (business) and Nationwide cards get occasionally refused when travelling, sometimes after having already been used abroad on the same trip. Phoning them to deal with it might cost £20+ if in Dubai or similar, so I won't do it.My Halifax card I cannot recollect ever being knocked back anywhere. This is obviously the one to clone or steal. I always have this one as a safety net. I put £8000 on it in June as part payment for a bike and half expected a call to verify. Never happened, went straight through.
I
Shakotan, you are literally pissing in the wind. I know all the facts and your presumptions are way off. Is there any valid reason for this thread to be so utterly derailed by small time trolling.
My friends email account was hacked and the hackers replied to many emails from the solicitor, so quite a few emails were sent and received - my friend completely unaware that the hackers were replying on his behalf to the solicitors.
My friend should have quadruple checked the transaction and blames himself for this mess. He is obviously exploring every avenue in an attempt to get his monies returned- I know if it was me, I’d be doing the same, irrespective of blame.
Huge lesson in the making.....
My friends email account was hacked and the hackers replied to many emails from the solicitor, so quite a few emails were sent and received - my friend completely unaware that the hackers were replying on his behalf to the solicitors.
My friend should have quadruple checked the transaction and blames himself for this mess. He is obviously exploring every avenue in an attempt to get his monies returned- I know if it was me, I’d be doing the same, irrespective of blame.
Huge lesson in the making.....
cmaguire said:
Both my Santander (business) and Nationwide cards get occasionally refused when travelling, sometimes after having already been used abroad on the same trip. Phoning them to deal with it might cost £20+ if in Dubai or similar, so I won't do it.
My Halifax card I cannot recollect ever being knocked back anywhere. This is obviously the one to clone or steal. I always have this one as a safety net. I put £8000 on it in June as part payment for a bike and half expected a call to verify. Never happened, went straight through.
I
Halifax bin off my card(s) almost every time I travel abroad. My Halifax card I cannot recollect ever being knocked back anywhere. This is obviously the one to clone or steal. I always have this one as a safety net. I put £8000 on it in June as part payment for a bike and half expected a call to verify. Never happened, went straight through.
I
Nowhere near as sensitive as HSBC though who just take the piss.
PIGINAWIG said:
Shakotan, you are literally pissing in the wind. I know all the facts and your presumptions are way off. Is there any valid reason for this thread to be so utterly derailed by small time trolling.
My friends email account was hacked and the hackers replied to many emails from the solicitor, so quite a few emails were sent and received - my friend completely unaware that the hackers were replying on his behalf to the solicitors.
My friend should have quadruple checked the transaction and blames himself for this mess. He is obviously exploring every avenue in an attempt to get his monies returned- I know if it was me, I’d be doing the same, irrespective of blame.
Huge lesson in the making.....
Keep us updated pleaseMy friends email account was hacked and the hackers replied to many emails from the solicitor, so quite a few emails were sent and received - my friend completely unaware that the hackers were replying on his behalf to the solicitors.
My friend should have quadruple checked the transaction and blames himself for this mess. He is obviously exploring every avenue in an attempt to get his monies returned- I know if it was me, I’d be doing the same, irrespective of blame.
Huge lesson in the making.....
Toaster Pilot said:
Halifax bin off my card(s) almost every time I travel abroad.
Nowhere near as sensitive as HSBC though who just take the piss.
phone them and tell them before you go then!!!Nowhere near as sensitive as HSBC though who just take the piss.
you could even do it through your frickin account...
https://www.halifax-online.co.uk/personal/logon/lo...
Edited by Efbe on Wednesday 25th October 23:08
James_B said:
No, it wasn’t from the solicitor.
from the article originally linked:" Later that morning, an email duly arrived with the firm’s account and sort code detailed in a Word file attachment. This was the first contact he had had with anyone at the law firm, he says."
...
"When I got home I emailed Steed & Steed to confirm I had made the payment and later received a reply from it confirming the funds had been received. "
As is being suggested in this thread, I believed the hack was done on his account, so potentially the attachment was amended after he received it.
Otherwise the scammers would not have known the correct timing to send the e-mail with attachment. Therefore there has to have been a communication that was intercepted.
PIGINAWIG said:
My friends email account was hacked and the hackers replied to many emails from the solicitor, so quite a few emails were sent and received - my friend completely unaware that the hackers were replying on his behalf to the solicitors.
In which case, I don't get this bit in the newspaper article. Is it incorrect?.Later that morning, an email duly arrived with the firm’s account and sort code detailed in a Word file attachment. This was the first contact he had had with anyone at the law firm, he says.
If there had been no previous e-mail from him to the solicitors how did the scammers know that there was such a juicy prize on offer?
Or was there additional information sent by the solicitors other than just the sort code, account number, and name.
If he had been hacked, how come he hadn't been targeted sooner or had all sorts of personal infomation harvested?
How does he know that the solicitor's system hadn't been compromised and that the fraudsters were not scanning their outgoing e-mails.
He is certainly not the first victim of a spoofed solicitor's e-mail - https://www.thetimes.co.uk/static/connected-famili...
It makes far more sense to do that for big sums than target the e-mail accounts of individuals. Bait the trap and wait for the victim to make the transfer.
The mark usually doesn't normally cotton on quickly enough and when he/she does the money has been spirited away.
Furthermore, a Word attachment is one of the commonest ways to spread bad stuff. That in itself is an immediate red flag.
There is absolutely no way that I would open one for anything to do with a financial transaction. I would immediately phone the supposed sender.
This from the Telegraph in 2015.
Rob Hailstone, of Bold Legal Group, a national network of 350 law firms, said email scams and other financial fraud aimed at legal firms had increased significantly in the past six to 12 months.
He said financial information should never be sent in an unprotected email, which could be easily hacked by criminals.
Still waiting to know why your friend didn't receive the required infomation when he telephoned the solicitors.
He rang because he was due to pay his grandmother’s inheritance tax bill to HM Revenue & Customs and needed the law firm’s bank details
If he was given them there was no need for an e-mail. It's all very well for solicitors to put disclaimers on their e-mails (assuming this one does).
But if the first one you get is from a fraudster and the disclaimer is missing how would you know?
A disclaimer is no substitute for solicitors failing to secure their systems which, as has been pointed out, seems to be quite prevalent.
Gassing Station | Speed, Plod & the Law | Top of Page | What's New | My Stuff