Scammed by a Hacked email account


jeremyc

23,464 posts

284 months

Wednesday 16th January 2019
Jasandjules said:
jeremyc said:
Too late now, but a top tip when using account details for the first time: transfer a small, random amount (a few pence) to the account and call the recipient to confirm how much they have received.
Yup I always do £1.
Too easy to guess. Choose a random (and different) amount each time. Today it might be £0.62 ....

IanJ9375

1,468 posts

216 months

Wednesday 16th January 2019
A pal who's a Gas Engineer was taken to court for this, it was a spoofed email wanting payments for work which had been quoted for (legitimate quote).
The payment was made to the scammed account prior to the work being done despite being told they would be billed after the installation was completed.

Small claims court chucked it out, onus is on the person making a payment/transfer to confirm who the hell they are paying essentially.

Gas Engineer now has added a note to all his emails that no payment requests or details will be requested via email blah blah blah.


On a corporate level this is much more successful, we nearly had a payment go out of our US business for $10m. They phish for info, build up a profile and they will even wait until they know a CEO or MD/FD is out of the country on his hols before firing off the plan, usually set up to put pressure on someone lower down the chain that they need to perform an approval whilst the other person is on leave etc.

Well thought out and well resourced was the comment made by our security expert.

jesusbuiltmycar

4,537 posts

254 months

Wednesday 16th January 2019

julian64

14,317 posts

254 months

Wednesday 16th January 2019
350Z on the Wolds said:
julian64 said:
It didn't come from his email account. It would be difficult to do that without knowing his passwords. It is much more likely it is a targeted phishing email but from an alternative site.

The difference between the two is probably where I'd draw the line at whose fault it was.

Op needs to look in the email properties and actually confirm it came from the builder's account. I think it's unlikely though
Not difficult at all. Look into email spoofing.

https://www.makeuseof.com/tag/scammers-spoof-email...

We get them in our industry all the time. Unfortunately these days it's very difficult to trust emails of this nature. For all our sales now, we confirm amounts and bank details when we first chat to the customer and then when we invoice we will often confirm the details over the phone to be sure for new customers. For existing ones we simply warn we will not ever change our bank details.

Be safe out there people!!
I don't think you understood my comments

julian64

14,317 posts

254 months

Wednesday 16th January 2019
siremoon said:
Possible but more probable is that it didn't come from the builder's email account at all and the true sender of the email faked the sender address as unfortunately that is not very difficult to do. That means you cannot rely on the sender address to confirm definitively the origin of an email. I hope you get this resolved but a lesson for the future is never act on account change information received by email without checking with the supposed originator that they did in fact send it.
This guy talks sense. The from email address is easily faked. Look in the header properties of an email at the very least.


If it's Microsoft Outlook, double click on the email itself to bring it up, then File -> Info -> Properties

Look at the internet headers. You can pretty much tell if it's a spoof from those. It'll show you the redirection and you can use one of the many internet websites to track the IP/email used. 99% chance it's a university in India.

Escapegoat

5,135 posts

135 months

Wednesday 16th January 2019
julian64 said:
This guy talks sense. The from email address is easily faked. Look in the header properties of an email at the very least.


If it's Microsoft Outlook, double click on the email itself to bring it up, then File -> Info -> Properties

Look at the internet headers. You can pretty much tell if it's a spoof from those. It'll show you the redirection and you can use one of the many internet websites to track the IP/email used. 99% chance it's a university in India.
Nonsense. If you do all/any of that on receiving a "we've changed our bank account" email instead of PICKING UP THE PHONE, you're letting your inner nerd get in the way of your common sense.

eldar

21,742 posts

196 months

Wednesday 16th January 2019
jeremyc said:
Too late now, but a top tip when using account details for the first time: transfer a small, random amount (a few pence) to the account and call the recipient to confirm how much they have received.
Very much this. Confirm by phone before accepting any change in expected payment. Really, always be suspicious of email.

350Z on the Wolds

44 posts

79 months

Wednesday 16th January 2019
julian64 said:
I don't think you understood my comments
Having re-read, you are correct. I apologise. Normally people seem to think email addresses cannot be faked and I guess I read your response incorrectly.

Du1point8

21,607 posts

192 months

Wednesday 16th January 2019
I get emails from <myname>@<mycompany>.co.uk

However, if you do a reply on them it will not be my email at all.

Not a dig at the OP, but how many times does this need to happen until it's ingrained in people's minds that if you get a payment demand, you ring up and confirm it ASAP.

julian64

14,317 posts

254 months

Wednesday 16th January 2019
Escapegoat said:
julian64 said:
This guy talks sense. The from email address is easily faked. Look in the header properties of an email at the very least.


If it's Microsoft Outlook, double click on the email itself to bring it up, then File -> Info -> Properties

Look at the internet headers. You can pretty much tell if it's a spoof from those. It'll show you the redirection and you can use one of the many internet websites to track the IP/email used. 99% chance it's a university in India.
Nonsense. If you do all/any of that on receiving a "we've changed our bank account" email instead of PICKING UP THE PHONE, you're letting your inner nerd get in the way of your common sense.
Sorry didn't mean to sound as if I would be okay checking this and then sending money on an email. I would never send back details on an email ever (possibly with a certificate)

Durzel

12,265 posts

168 months

Wednesday 16th January 2019
siremoon said:
Possible but more probable is that it didn't come from the builder's email account at all and the true sender of the email faked the sender address as unfortunately that is not very difficult to do. That means you cannot rely on the sender address to confirm definitively the origin of an email. I hope you get this resolved but a lesson for the future is never act on account change information received by email without checking with the supposed originator that they did in fact send it.
+1

The sender address is only really relevant if you tried to reply to the email, and even then the reply to address can be different.

If this phisher sends out 100s of these emails all it takes is someone to make payment without asking any followup questions or confirming the bank details via phone or whatever and it's been worth their time.

You ought to have double checked the bank details over the phone or in person when you were asked to pay into a different account. Don't think your builder is really to blame for your lack of due diligence, sorry.
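
The header check julian64 describes, together with the Reply-To mismatch Du1point8 and Durzel mention, as an added example that is not part of any post in this thread. It parses a constructed message with Python's standard `email` module; every name, domain and IP in the sample is a placeholder.

```python
import email
from email.utils import parseaddr

# Constructed sample message; every name, domain and IP is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=builder.example
Received: from mailer.example.net ([203.0.113.7]) by mx.recipient.example; Wed, 16 Jan 2019 10:00:00 +0000
From: "A Builder" <accounts@builder.example>
Reply-To: "A Builder" <accounts.builder@freemail.example>
To: customer@recipient.example
Subject: Change of bank details

Please use our new account for the final invoice.
"""

def domain(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_verdicts(msg):
    """spf/dkim/dmarc results recorded in Authentication-Results headers.
    Only meaningful when that header was added by your own receiving server."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for part in value.split(";")[1:]:
            method, _, rest = part.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest.split():
                verdicts.setdefault(method, rest.split()[0].lower())
    return verdicts

def spoof_indicators(raw):
    """Return a list of human-readable warning strings for one raw message."""
    msg = email.message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    for header in ("Reply-To", "Return-Path"):
        other = domain(msg[header])
        if other and other != from_dom:
            findings.append(f"{header} domain {other} differs from From domain {from_dom}")
    verdicts = auth_verdicts(msg)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method, "missing") != "pass":
            findings.append(f"{method}={verdicts.get(method, 'missing')}")
    return findings

if __name__ == "__main__":
    print("\n".join(spoof_indicators(SAMPLE)))
```

A Return-Path mismatch on its own is common for legitimate bulk mail, and a message sent from a genuinely compromised mailbox passes every one of these checks, so an empty result does not replace confirming the bank details by phone.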

rxe

6,700 posts

103 months

Wednesday 16th January 2019
jesusbuiltmycar said:
I’m spannering it in right now.....!

Harder than you might think. The question is easy ... “does this name match the account”. Updating everything that might initiate a payment is harder. Then you have all the edge cases: account is: J Smith ..... is John Smith a match. Seems easy, but when you extend it to XYZ Solicitors, is XYZ Solicitors Ltd a match? I’d go for a ruthless “it’s got to be a precise match”, but most payments would fail...
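
rxe's edge cases worked through, as an added example that is not part of the post and not any bank's actual matching logic. The suffix list, the function names and the three outcomes ('match', 'close', 'no_match') are assumptions made for illustration; `strict=True` is the "precise match" rule.

```python
import re

# Legal-form words ignored in the lenient comparison (illustrative list, an assumption).
LEGAL_SUFFIXES = {"ltd", "limited", "llp", "plc"}

def words(name):
    """Lower-cased alphanumeric words, so case and punctuation never matter."""
    return re.findall(r"[a-z0-9]+", name.lower())

def same_allowing_initials(a, b):
    """True if the word lists agree when a single letter may stand for a word."""
    return len(a) == len(b) and all(
        x == y or (1 in (len(x), len(y)) and x[0] == y[0]) for x, y in zip(a, b)
    )

def check_payee(entered, on_account, strict=False):
    """Compare the name the payer typed with the name held on the account.

    Returns 'match', 'close' or 'no_match'. With strict=True only an exact
    match (ignoring case and punctuation) is accepted.
    """
    e, a = words(entered), words(on_account)
    if e and e == a:
        return "match"
    if strict:
        return "no_match"
    e = [w for w in e if w not in LEGAL_SUFFIXES]
    a = [w for w in a if w not in LEGAL_SUFFIXES]
    if e and same_allowing_initials(e, a):
        return "close"
    return "no_match"

if __name__ == "__main__":
    for entered, held in [("J Smith", "John Smith"),
                          ("XYZ Solicitors", "XYZ Solicitors Ltd"),
                          ("XYZ Solicitors Ltd", "XYZ Solicitors Ltd"),
                          ("ABC Builders", "Unrelated Name")]:
        print(entered, "|", held, "->", check_payee(entered, held),
              "| strict:", check_payee(entered, held, strict=True))
```

Under the strict rule both "J Smith" against "John Smith" and "XYZ Solicitors" against "XYZ Solicitors Ltd" are rejected, which is the failure rate the post predicts; the lenient rule reports them as close so the payer can be asked to confirm, though it would also treat "J Smith" and "Jane Smith" as close.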

Funk

26,274 posts

209 months

Wednesday 16th January 2019
There was another thread on this the other day. The technique is called 'spear-phishing' as it's a very specific and targeted approach - as a result it's often very effective (as per the evidence posted in this thread alone). There are solutions for businesses to prevent this sort of attack, I work for an IT reseller and supply Barracuda Sentinel which uses AI-driven analysis to spot when emails aren't legit (others sell similar solutions but mostly they're policy-driven which is a bit more hassle to set up and maintain). Things are made worse by the current trend for people to work on mobiles/tablets where it's not as easy to check the origin or legitimacy of an email.

Lazio got taken for about £1.7m a couple of years ago during the transfer period - someone sat and watched the emails then sent their bank details!

https://www.skysports.com/football/news/11862/1130...

Edited by Funk on Wednesday 16th January 16:37

WinstonWolf

72,857 posts

239 months

Wednesday 16th January 2019
julian64 said:
siremoon said:
Possible but more probable is that it didn't come from the builder's email account at all and the true sender of the email faked the sender address as unfortunately that is not very difficult to do. That means you cannot rely on the sender address to confirm definitively the origin of an email. I hope you get this resolved but a lesson for the future is never act on account change information received by email without checking with the supposed originator that they did in fact send it.
This guy talks sense. The from email address is easily faked. Look in the header properties of an email at the very least.


If it's Microsoft Outlook, double click on the email itself to bring it up, then File -> Info -> Properties

Look at the internet headers. You can pretty much tell if it's a spoof from those. It'll show you the redirection and you can use one of the many internet websites to track the IP/email used. 99% chance it's a university in India.
Without access to the original email how do you intercept the ongoing conversation?

Dixy

2,921 posts

205 months

Wednesday 16th January 2019
What I don't understand is why the receiving bank are not liable, either they have failed to check that the account is not being used for money laundering or they are party to it.
A few years ago I changed my business from sole trader to Ltd co, the hoops they made me jump through were unreal.

Graveworm

8,496 posts

71 months

Wednesday 16th January 2019
Dixy said:
What I don't understand is why the receiving bank are not liable, either they have failed to check that the account is not being used for money laundering or they are party to it.
A few years ago I changed my business from sole trader to Ltd co, the hoops they made me jump through were unreal.
It may well be an "Innocent" third party. Or at least with plausible deniability. They will often target the vulnerable, desperate or willing victims. Hi you have a UK bank account?? I/my friend needs one to get some money paid into as they don't have/are overdrawn or it can't accept payments. No risk it gets paid in and you draw it out and give them the cash and they will give you a few quid for your trouble.

Durzel

12,265 posts

168 months

Wednesday 16th January 2019
Dixy said:
What I don't understand is why the receiving bank are not liable, either they have failed to check that the account is not being used for money laundering or they are party to it.
A few years ago I changed my business from sole trader to Ltd co, the hoops they made me jump through were unreal.
Banks aren't liable for the same reason airports can't be expected to stop every bit of contraband going through.

It is impossible to check every transaction being made because the whole system would grind to a halt. And, you can be sure that the people being protected would not be thrilled that every payment they make or receive arbitrarily takes much longer because every single transaction is questioned. People want security but not at the cost of actually inconveniencing them.

From the bank's perspective they see a transaction that doesn't look particularly unusual, going from one account to another. If both bank accounts have been vetted at point of inception, and later hacked because the customers are useless with security, then how are they supposed to know that a given transaction is fraudulent?

matjk

1,102 posts

140 months

Wednesday 16th January 2019
Banks should implement the name checking immediately. Also banks could offer 2 types of transfer: a free one that clearly states “if you get scammed it’s down to you we do absolutely no checking at all, we simply shift the cash” or one with extended liability where you get a bit more protection but the bank does a bit of due diligence, checks out the bank it’s being paid to, checks the person’s/business name and charge for this service. It’s madness that £££ is simply transferred on the strength of a few numbers

Chrisgr31

13,474 posts

255 months

Wednesday 16th January 2019
Graveworm said:
It may well be an "Innocent" third party. Or at least with plausible deniability. They will often target the vulnerable, desperate or willing victims. Hi you have a UK bank account?? I/my friend needs one to get some money paid into as they don't have/are overdrawn or it can't accept payments. No risk it gets paid in and you draw it out and give them the cash and they will give you a few quid for your trouble.
Draw out the cash? How does that work? Fairly sure that if I wanted to draw a couple of thousand out of my bank in cash I'd be having to make an appointment and they would probably be asking what I wanted it for.

Some of these cases we are talking about 10s of thousands, doesn't the Bribery Act apply?

Graveworm

8,496 posts

71 months

Wednesday 16th January 2019
Chrisgr31 said:
Draw out the cash? How does that work? Fairly sure that if I wanted to draw a couple of thousand out of my bank in cash I'd be having to make an appointment and they would probably be asking what I wanted it for.

Some of these cases we are talking about 10s of thousands, doesn't the Bribery Act apply?
Bitcoin or yes cash. I doubt a couple of thousand would raise any eyebrows. Even my cash-point limit is 1000 a day (so 5 to midnight and 5 past would do that) and I am definitely NOT Sunday Times rich list. But 10s of thousands possibly and you will have to book it (depends on the bank but usually they can do the same day) and they may make a disclosure on that (unlikely to be anything to do with Bribery Act but I know what you mean); the deposits will probably already have triggered a SAR but they will still give you the cash.



Edited by Graveworm on Wednesday 16th January 22:06