An email from Simon to Jane took 14 hours to arrive. It cost them $51,000 A simple phone call could have fixed this from the start..
It is not uncommon, know of people it has happened to buying on online auctions Only takes a few minutes for some-one to intercept change and resend email.. Any new or different bank account numbers should be verified by text message
Before our build started, I sent $1 to our builder to check he got it, and then I knew it would automatically populate within online banking when I started paying invoices. I still take a quick look at the account details, even for an auto-populated transfer, because it is in the back of my head that I'm sending a big amount and if it goes to the wrong place, I likely will not see it again. Reading this really is worrying. I like to think if I noticed the account number was different to the auto-populated bank details, I'd question it, call the builder or supplier before sending money. But when things are busy, maybe I would have fallen for something like this too. I guess if I got an email saying someone had changed their bank details, I'd possibly assume it was from the correct person, so while I think I'm being careful, a dodgy email could probably trip me up, especially when I'm expecting an invoice (like the lady in the story). I like to think such an email would trigger a warning in my head, but there have been days when I'm so busy with numerous invoices arriving within a short time, and wanting to pay them, update my records and clear my desk, that something could slip past me. I made the final payment to our builder a few days ago, thankfully. Each time I pressed "pay" I did have a frisson of fear and sometimes when the bills were over $100k I'd check, double check and then check again. But I am not convinced I would be totally safe from a scammer if it was a clever enough scam.
The bank transfer system is seriously flawed. There should be a "check system" in place. Whenever a bank account number has been changed, the person making the payment should receive a pop up on their screen warning them that the bank acct number has been changed and to contact the recipient of the funds to verify.
Professor Hyphen-Guy "...believes hackers gained remote access by hacking the builder's website and surreptitiously redirecting visitors to another site which installed malicious software." I realise he has to justify his tenure, but I'm (maybe naively) unsure why emailing an invoice from point A to point B would involve accessing the builder's website, resulting in the download of malware, where that malware was later not found on either users' PCs. Anyway, whatever. More likely, some wally hacker accessed Jane's email Inbox via Webmail, downloaded the attachment (invoice copy), deleted the email from the Inbox, modified the attachment and then resent the email, spoofing the FROM address, and explaining the subsequent time lapse. Jane then, from what the ABC story indicates, went and paid 51 grand via Bendigo Bank to a CBA account, all of which is legit, so it's a bit of a stretch to blame the banks, as they were following the instructions they had been given. Although @datto 's check system has a lot of merit. Maybe, Jane should have made a call (or not, depending on your point of view), but the real question is "Did Simon get paid?", whilst Jane sorts out whatever IT and finance issues she has...
The solicitor handling our property sale these past few months has a huge warning about scams on all their correspondence. This is all new to me. It instructs their clients to never put bank account details in an email or text, but to verbally give our account details only, ie phone to check. We also had to physically visit their office with our photo ID when we first engaged them.
It really surprises me that in this day and age, businesses are not set up with portals where a regular client can’t go in and retrieve invoices. Similarly, my solicitor (selling property) sends me a document asking me to sign and fill my credit card details in/pay into their trust account, without any encryption. Even with signing something, I don’t understand why they don’t use services like DocuSign, which is a lot more secure.
Lots of scams at the moment! I was recently scammed myself. A family member sent me an email with a code for a Black Friday sale where you bought a $200 gift card for $300 worth of value at this shop during this week. She had already bought hers and I asked for the email. It all looked legit but I didn’t question it, just bought it. It was done through shopify. Someone inside shopify was intercepting emails and when my gift card didn’t work I called the shop and they told me it was a scam. It was purchased on credit card so I’ll get my money back but now I’m without a credit card during the Black Friday sales!
To be fair there are some awesome Black Friday deals about. Last year I got $800 off a $2000 TV. This year I don’t have a credit card!
I'm thinking it would really make sense for tradies to start making CC the preferred method of payment. The Y-man
Join Washington Brown's Tax Agent Referral Program At Washington Brown, we prioritise our referral clients and guarantee a turnaround time of 7 days. Find out about other benefits of our Referral Partner Program and get in touch today. You and your clients will benefit. » Get In Touch Today