Scammed by a Hacked email account


hkp57

Original Poster:

285 posts

122 months

Wednesday 16th January 2019
Recently the builder I have used for many years did some work for me, he sent the invoice by email as normal.

But during that night I got another email from him asking to use his other account to pay into, which I did.

Turns out his email has been hacked and another of his customers along with me paid into this bogus account.

Who is liable, assuming the money cannot be recovered through the banks / police? Do I have to pay him again due to paying into a false account, or does the builder have to suck it up as it was his mail account that was hacked?

To expand, the email I got from his account was very convincing, using all the same type of language, and came from his normal email address we have used to do business on for years!

kiethton

13,895 posts

180 months

Wednesday 16th January 2019
This is becoming increasingly common now it seems although most normally with solicitors - many now confirm when setting up the relationship that they will never change bank details by email.

Happy to be proven wrong but think the liability still lies with you, at the end of the day you’ve transferred the money somewhere else on somebody else’s instruction and they’ve still done the work which you were obviously happy with to pay.

sc0tt

18,041 posts

201 months

Wednesday 16th January 2019
You are liable.

Sorry chap.

Lopey

258 posts

98 months

Wednesday 16th January 2019
I'd disagree tbh. If it came from his email account, then it's the builder's responsibility to keep it secure.

Who's to say the builder isn't lying about being hacked and is trying to get paid twice for the same job?

julian64

14,317 posts

254 months

Wednesday 16th January 2019
It didn't come from his email account. It would be difficult to do that without knowing his passwords. It is much more likely it is a targeted phishing email but from an alternative site.

The difference between the two is probably where I'd draw the line at whose fault it was.

Op needs to look in the email properties and actually confirm it came from the builder's account. I think it's unlikely though.

hkp57

Original Poster:

285 posts

122 months

Wednesday 16th January 2019
We already checked and the email with instructions to me did come from the builder's email address but from an IP address in Slough.

The small family builder is based in central Scotland.

The police and banks are investigating.


aka_kerrly

12,418 posts

210 months

Wednesday 16th January 2019
From a business & customer point of view, sending bank details in an email (non-encrypted/password protected) is not a particularly good idea at the best of times, let alone a casual "changed my account details, send it here instead" message. I would phone someone to check that kind of email.

Anyhow, it's already happened, it is a long shot but some business insurance policies include cyber crime so the builder may be able to claim from that. That doesn't change the fact that someone somewhere has some money of yours.... I find it obscene that banks don't have a system in place to recall money from any account when you can prove it was sent in error. Although the chances of your money being in the same account you sent it to must be incredibly slim.

Best of luck getting some kind of resolution!!

350Z on the Wolds

44 posts

79 months

Wednesday 16th January 2019
julian64 said:
It didn't come from his email account. It would be difficult to do that without knowing his passwords. It is much more likely it is a targeted phishing email but from an alternative site.

The difference between the two is probably where I'd draw the line at whose fault it was.

Op needs to look in the email properties and actually confirm it came from the builder's account. I think it's unlikely though.
Not difficult at all. Look into email spoofing.

https://www.makeuseof.com/tag/scammers-spoof-email...

We get them in our industry all the time. Unfortunately these days it's very difficult to trust emails of this nature. For all our sales now, we confirm amounts and bank details when we first chat to the customer and then when we invoice we will often confirm the details over the phone to be sure for new customers. For existing ones we simply warn we will not ever change our bank details.

Be safe out there people!!

siremoon

187 posts

99 months

Wednesday 16th January 2019
hkp57 said:
We already checked and the email with instructions to me did come from the builder's email address but from an IP address in Slough.
Possible but more probable is that it didn't come from the builder's email account at all and the true sender of the email faked the sender address as unfortunately that is not very difficult to do. That means you cannot rely on the sender address to confirm definitively the origin of an email. I hope you get this resolved but a lesson for the future is never act on account change information received by email without checking with the supposed originator that they did in fact send it.
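
The disagreement in this thread (forged sender address versus a genuinely compromised mailbox) can usually be settled from the raw message headers. The sketch below is an added example, not part of any post: it compares the From domain with Reply-To and Return-Path and reads the receiving server's SPF/DKIM/DMARC verdicts. The domains and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain(header_value):
    """Lower-cased domain of an address header, or '' if absent/malformed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_verdicts(msg):
    """spf/dkim/dmarc results; the topmost Authentication-Results header wins."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(mech.lower(), result.lower())
    return verdicts

def triage(raw):
    """Return a list of findings for one raw message."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-diverted")       # replies go to another domain
    rp_dom = domain(msg["Return-Path"])
    if rp_dom and rp_dom != from_dom:
        findings.append("envelope-mismatch")       # SMTP sender differs from From
    if auth_verdicts(msg).get("dmarc") == "pass":
        findings.append("from-domain-authenticated")
    else:
        findings.append("from-domain-unverified")
    return findings

# Constructed sample: forged From, sent through unrelated infrastructure.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.customer.example; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=builder.example
From: "A Builder" <office@builder.example>
Reply-To: office@builder-accounts.example
"""
# Constructed sample: sent from the real mailbox (owner or an intruder).
HIJACKED = """\
Return-Path: <office@builder.example>
Authentication-Results: mx.customer.example; spf=pass; dkim=pass header.d=builder.example; dmarc=pass
From: "A Builder" <office@builder.example>
"""
```

Only an Authentication-Results header added by your own receiving server is meaningful, and "from-domain-authenticated" shows the message passed through the sender domain's mail system, not that the owner wrote it, so a changed-bank-details request still needs confirming by phone.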

Hol

8,412 posts

200 months

Wednesday 16th January 2019
Lopey said:
I'd disagree tbh. If it came from his email account, then it's the builder's responsibility to keep it secure.

Who's to say the builder isn't lying about being hacked and is trying to get paid twice for the same job?
Why?

Who's to say that you aren't the scammer, or Lord Lucan?


Jonno02

2,246 posts

109 months

Wednesday 16th January 2019
julian64 said:
It didn't come from his email account. It would be difficult to do that without knowing his passwords. It is much more likely it is a targeted phishing email but from an alternative site.

The difference between the two is probably where I'd draw the line at whose fault it was.

Op needs to look in the email properties and actually confirm it came from the builder's account. I think it's unlikely though.
If it's a spoof then you will be liable imo. If his account has been hacked, he's not using 2-step verification and I would say that's then his fault.

If you've reported it within 48 hours, there's a good chance you'll get the money back. Happened recently to my BiL and the money was traced and returned.

Trophy Husband

3,924 posts

107 months

Wednesday 16th January 2019
Unfortunately you are liable. I run a business and the same thing happened to my Office Manager last year. Princely sum of nearly £20k. Her e-mail had been hacked and was being watched for certain words such as invoice, payment etc. The e-mail she received was an exact copy of one of our suppliers changing bank account details and she paid the money without thinking. We got £7.90 back from the account which was in Singapore IIRC. Was a bitter pill to swallow.

Sheepshanks

32,756 posts

119 months

Wednesday 16th January 2019
julian64 said:
It didn't come from his email account. It would be difficult to do that without knowing his passwords. It is much more likely it is a targeted phishing email but from an alternative site.
That would be pretty amazing targeting.

BobSaunders

3,033 posts

155 months

Wednesday 16th January 2019
Sheepshanks said:
julian64 said:
It didn't come from his email account. It would be difficult to do that without knowing his passwords. It is much more likely it is a targeted phishing email but from an alternative site.
That would be pretty amazing targeting.
And background information on exact cost etc.

It will be a hacked account. You can buy thousands of account information for minimal outlay. Due to password re-use being so prevalent the accounts can easily be checked if they work against multiple major platforms through automated checking. 99% of account information comes from hacked websites, or from malware installation. I work in IT security.

The scammers work on blind trust, and the banks will reject your claim as you authorised the payment from your account in good faith - although saying that the more recent FCA regulations state that lookups have to occur against sort code and account number to match name etc. But, that is not coming into practice for another year or so, some banks have already done it.

This is why you should have a different password for different websites. Get a password manager like 'last pass' before anyone asks how to remember them all.

otolith

56,115 posts

204 months

Wednesday 16th January 2019
You can no more trust the from address on an email than you can the letterhead on a letter. It's trivial to change it.

I wonder if traders shouldn't be digitally signing their letters for this sort of thing - of course, most users wouldn't check, and those likely to would not be the ones likely to fall for a scam in the first place, so...

jeremyc

23,466 posts

284 months

Wednesday 16th January 2019
Too late now, but a top tip when using account details for the first time: transfer a small, random amount (a few pence) to the account and call the recipient to confirm how much they have received.

NDA

21,574 posts

225 months

Wednesday 16th January 2019
I was nearly caught out in my previous company... an email, supposedly from me, from my email address, with the correct signature panel, went out to several operating companies within my company asking for payments around £5k. Low enough not to get attention.

However, someone had the good sense to contact me to double check - payments were lined up to be made, but stopped in time.

No idea who was behind it.

Easy to be wise after the event. But with millions going out, these frauds can happen.

I suspect the OP has lost his cash.

otolith

56,115 posts

204 months

Wednesday 16th January 2019
My employer recently had a very convincing targeted scam attempt spoofing our accountant's address. The social engineering side of that is easy enough to figure out from filings at Companies House.

My sister got scammed via a cousin's compromised Facebook account - scammer had hacked someone's PayPal account, and then used cousin's Facebook messenger to ask my sister if she could take payment for something they claimed the cousin was selling. Sister was busy at a school fete and not really paying attention, and the scammer had quite accurately imitated the cousin's way of writing, so she went along with it. Scammer transferred money from the hacked PayPal account to my sister's account, sister extracted it and transferred it to the scammer's account, scammer withdrew the cash. PayPal victim reported the transaction, PayPal clawed the cash back, sister's bank couldn't recover the money from the scammer, sister left out of pocket.

She was kicking herself because she should have known better, but was distracted. Highlights the importance of using strong passwords for even banal things like social media accounts, though, because they can be compromised and used to scam someone you know.

People need to be wary and to pick up the phone if there is the slightest doubt.

Escapegoat

5,135 posts

135 months

Wednesday 16th January 2019
jeremyc said:
Too late now, but a top tip when using account details for the first time: transfer a small, random amount (a few pence) to the account and call the recipient to confirm how much they have received.
This. Every time.

(And, yes, a few bemused souls will think you're being too careful. Some can't understand what you are doing, nor get their tiny minds around the point of TFA. They are the ones who will be duped in the future.)

Jasandjules

69,888 posts

229 months

Wednesday 16th January 2019
jeremyc said:
Too late now, but a top tip when using account details for the first time: transfer a small, random amount (a few pence) to the account and call the recipient to confirm how much they have received.
Yup I always do £1.