Desperately seeking advice on email interception fraud

[ripski70]

Hi All ( Please move to correct sub-forum if I've posted incorrectly )

Ok to keep this brief
I have been in talks (emailing ) with a company for months, eventually they placed an order for my products. When the time came to ship I sent a pro forma invoice( as agreed), emailed to say the products had been shipped and basically ok now pay me please. I received a reply saying thanks, I'll pass this to accounts. 7 days go by I'm emailing and phoning to be told yes it'll be paid blah blah usual story. 9th day still no payment, I email to be told we've paid !! they eventually send me a screen shot of my invoice with different details. They paid the money into a fraudsters account, they also received emails alleging to be from me asking to change account details.
Now I've contacted the police and my email account manager as I can only assume my email was compromised in some way but we are not sure. They have reported it to the bank who are investigating. Obviously it's not certain they will retrieve the money.
They have offered to pay me 50% of the invoice as they are blaming me because my email was interfered with. I'm also blaming them for not showing due diligence and not picking up on such an obvious fraud. The fraudulent emails are so different from mine, poor English/spelling it's obvious they are from a different person.
Please any advice ?? Where does blame lie ? should I accept the 50% ? take them to small claims as contractually I have upheld my end of the bargain but they haven't. This has been devastating for us, we are a tiny brand and this is a huge amount of money for us.

 

[Newchodge]

You have fulfilled your part of the contract, they have not.

 

[Mr D]

It's unlikely to be email interception. They were the victim of a common scam that businesses and individuals get targeted in. An email message specifying change of account - easy enough done. Just has to look like its from you.
Unlikely to get their money back.

Oh and one source of these emails are staff at either end. Not the only source but one possible source.
Hopefully you do not have staff involved.

Even if you had not been lending money this scam could still have hit them. Just you would not have been waiting for money in the meantime.

 

[ripski70]

You have fulfilled your part of the contract, they have not.

Yes I agree but where do I go from here, they are blaming me.

 

[ripski70]

It's unlikely to be email interception. They were the victim of a common scam that businesses and individuals get targeted in. An email message specifying change of account - easy enough done. Just has to look like its from you.
Unlikely to get their money back.

Oh and one source of these emails are staff at either end. Not the only source but one possible source.
Hopefully you do not have staff involved.

Even if you had not been lending money this scam could still have hit them. Just you would not have been waiting for money in the meantime.

They received fake emails alleging to be from me, and they got hold of an emailed invoice and I'm assuming photo shopped in their own details.

 

[MBE2017]

End of the day they still owe you the money, pro forma invoice in my day meant payment up front. If they have fallen for a scam it is unfortunate but does not relieve them of their obligation to pay.

I would suggest you state full payment is required and you can discuss other possibilities once a full police investigation has taken place.

 

[Mr D]

They received fake emails alleging to be from me, and they got hold of an emailed invoice and I'm assuming photo shopped in their own details.

Yes, easy enough for them to do. Once they know that an invoice is outstanding.
Hence one element of suspicion is to look at staff in either company. For all the other side know you could be in on it.

May be worth checking your computer security too - in case someone has been rooting around in your systems to know who to target.

 

[Mr D]

Yes I agree but where do I go from here, they are blaming me.

Well hardly expect them to be blaming themselves and they have no way of proving you were not involved.

That doesn't negate the outstanding lending of money between businesses.

 

[ripski70]

Well hardly expect them to be blaming themselves and they have no way of proving you were not involved.

That doesn't negate the outstanding lending of money between businesses.

Surely It's obvious I'm not involved as I am still owned over 4k and they have 2500 of my products.

 

[Mr D]

Surely It's obvious I'm not involved as I am still owned over 4k and they have 2500 of my products.

Not obvious to the victims of the fraud that the party they owe money to isn't involved. Until police clear you or you convince the victims.

Someone knew to get the email sent (can be from any system) to the victim with the change in bank details for payment.
Pointless the scammer just sending out a billion emails randomly hoping to hit the few businesses you have lent money to. For all the victim knows its a way for you to try getting extra cash.

 

[Newchodge]

Point out that they have failed to fulfill their side of the bargain, that they have been deceived by failing to follow proper procedure with regard to the fake emails, and you are sorry they have been deceived, but you expect payment in full.

There has been so much publicity about this kind of scam that I expect the next one to be customers claiming to have paid a scammer when, in fact, they have paid nothing.

 

[ripski70]

Point out that they have failed to fulfill their side of the bargain, that they have been deceived by failing to follow proper procedure with regard to the fake emails, and you are sorry they have been deceived, but you expect payment in full.

There has been so much publicity about this kind of scam that I expect the next one to be customers claiming to have paid a scammer when, in fact, they have paid nothing.

Great advice but what about their argument that it is partly my fault because it was my email account that was used by the fraudsters?

 

[Mr D]

Great advice but what about their argument that it is partly my fault because it was my email account that was used by the fraudsters?

Was it actually your account?

Does the email with the amended bank details show in your 'sent' folder?

 

[ripski70]

Would people recommend using the small claims process if after the bank has said they cannot refund the money to the customer ?

 

[ripski70]

Was it actually your account?

Does the email with the amended bank details show in your 'sent' folder?

No it doesn't I have none of the fraudulent emails in any folders but they would delete those surely ?

 

[Mr D]

No it doesn't I have none of the fraudulent emails in any folders but they would delete those surely ?

Possibly they would delete them.
Or maybe not use your system to send them.

These days the scammers will sometimes make it look to the recipient like its come from a kosher address.

[email protected] (as an example of correct email)
[email protected] as a fake - there will be people who don't think anything of it being incorrect.

To the recipient it may look OK without ever coming from you personally.

Police will have the expertise to track the email back if its been kept by the victim. If the police bother.
Sorry to say but police do not appear much interested in much cybercrime, online scams and people being tricked into parting with money. Hopefully the victim will have reported it.

 

[Nico Albrecht]

There is a good chance that your email system has been compromised. Checking email server logs and increasing security is a must. At least you should have 2 factor authentication on your email system. Also 4k value don't expect the police to do much about it fast. You would need 5 figures to make it worth their time Also analysis of the fraudulent email header is a good start, it can be faked too but it is a good starting point.

 

[ripski70]

There is a good chance that your email system has been compromised. Checking email server logs and increasing security is a must. At least you should have 2 factor authentication on your email system. Also 4k value don't expect the police to do much about it fast. You would need 5 figures to make it worth their time Also analysis of the fraudulent email header is a good start, it can be faked too but it is a good starting point.

Thank you, yes done and doing all that. My question really is about accountability, it appears my email was compromised and so although I made reasonable steps to prevent it, it happened. Is that my fault ?

 

[UKSBD]

Thank you, yes done and doing all that. My question really is about accountability, it appears my email was compromised and so although I made reasonable steps to prevent it, it happened. Is that my fault ?

Are you sure they are not the actual fraudsters?

 

[Newchodge]

I would have thought that, if it was your email account that was hacked, this would have happened to more than one of your customers. Have you checked/

Also, I would put in place in your TCs that payment will only be accepted into the account separately notified when the order was accepted and no change to that will be requested. And draw people's attention to it specifically.

 

[JEREMY HAWKE]

There needs to be a bigger awareness now when paying invoices. If a supplier indicates that they have made a change it should be custom and practice that they are phoned and the change discussed and confirmed with them

 

[ripski70]

I would have thought that, if it was your email account that was hacked, this would have happened to more than one of your customers. Have you checked/

Also, I would put in place in your TCs that payment will only be accepted into the account separately notified when the order was accepted and no change to that will be requested. And draw people's attention to it specifically.

Yes I have checked and no, yes that is good advice thank you

 

[ripski70]

There needs to be a bigger awareness now when paying invoices. If a supplier indicates that they have made a change it should be custom and practice that they are phoned and the change discussed and confirmed with them

Yes I totally agree, they are a huge company going for years, we are 2 yrs old and tiny. Surely experience would have told them something is off here let me just pick up the phone and check.

 

[Mr D]

Yes I totally agree, they are a huge company going for years, we are 2 yrs old and tiny. Surely experience would have told them something is off here let me just pick up the phone and check.

The company might. But you are not dealing with the company.
You are dealing with people within the company.

And suppliers do sometimes change bank accounts so a request to make payment elsewhere wouldn't necessarily raise flags in any staff member dealing with supplier accounts.
Not everyone is aware of this particular scam - its been on news services a few times, if you don't click the details you won't know about the scam.
Those who do know should at the very least look up the number they have (not from the paperwork with changed account) and ring to confirm.

That company has likely lost its money. You likely have not, though it is causing delay in your payment.

 

[Andγ]

It's far more likely that it is their email that has been compromised. It's still easy to fake the "from" address of an email.

1. Their email systems are compromised so that a fraudster is able to log into their email system and read all of their emails.
2. The fraudster sees your emails in their system, and creates further emails using your name and email address in the "from" address, asking for bank account details to be changed.

I'd say this is as likely, and probably more likely, than your email system being compromised.

 

[ripski70]

It's far more likely that it is their email that has been compromised. It's still easy to fake the "from" address of an email.

1. Their email systems are compromised so that a fraudster is able to log into their email system and read all of their emails.
2. The fraudster sees your emails in their system, and creates further emails using your name and email address in the "from" address, asking for bank account details to be changed.

I'd say this is as likely, and probably more likely, than your email system being compromised.

I agree but then I guess I would !! It just seems odd that they just happened to hack my account and find one of the very few yet biggest invoices we've ever sent. Whereas the customer is dealing with invoices every day.

 

[ripski70]

The company might. But you are not dealing with the company.
You are dealing with people within the company.

And suppliers do sometimes change bank accounts so a request to make payment elsewhere wouldn't necessarily raise flags in any staff member dealing with supplier accounts.
Not everyone is aware of this particular scam - its been on news services a few times, if you don't click the details you won't know about the scam.
Those who do know should at the very least look up the number they have (not from the paperwork with changed account) and ring to confirm.

That company has likely lost its money. You likely have not, though it is causing delay in your payment.

When you say ' You likely have not' with regards payment -what do you mean ? they are refusing to pay 100% of the invoice because they are saying it was partly my fault because they think my email was hacked. Its in the hands of the banks at the moment

 

[Mr D]

When you say ' You likely have not' with regards payment -what do you mean ? they are refusing to pay 100% of the invoice because they are saying it was partly my fault because they think my email was hacked. Its in the hands of the banks at the moment

You are owed money, you haven't been paid.
The fact they have been subject to a scam doesn't satisfy that debt.

They will pay. Just may take time and effort.

 

[Mr D]

I agree but then I guess I would !! It just seems odd that they just happened to hack my account and find one of the very few yet biggest invoices we've ever sent. Whereas the customer is dealing with invoices every day.

And just one invoice has an account change.
If they all had changes it would look suspicious. One change isn't suspicious.

 

[ripski70]

You are owed money, you haven't been paid.
The fact they have been subject to a scam doesn't satisfy that debt.

They will pay. Just may take time and effort.

Ok yes I agree, so if the bank doesn't refund them the money and they still only offer to pay 50% should we take them to small claims ?

 

[Mr D]

Ok yes I agree, so if the bank doesn't refund them the money and they still only offer to pay 50% should we take them to small claims ?

Yes that's one option.
Up to you how softly you treat them, its quite possible by now you have lost them as a customer for future work if they blame you.
You know its not you, they cannot know that and its always easier to blame others than yourselves.
I'm more inclined to think its them based on what you have posted.