All victims agreed to share their story when submitting their report to Scamwatch and their personal details have been changed.
Business email compromise – victim lost $190,000
We are the victims of an email hacking scam. The scammers appear to have hacked a supplier’s email and advised us of a change in bank details. The scammers sent us invoices with amended bank details as well as the prior email trail to and from the supplier so they must have been in their IT system. Everything was a perfect copy of a real version of the invoices we were so used to. We didn’t notice the difference. Thinking it was real we sent an amount of $190 000 but the real supplier never received it. The email address was also correct for the supplier, but they told us that they did not receive our responses. The scammers seem to have some way of hiding our responses from the supplier. We didn’t find out about this until our supplier contacted us via phone to talk about not receiving the money.
What were some signs that this was a scam?
- In this case the invoices looked entirely genuine and the scammers had even included copies of previous invoices to make it appear genuine.
- The business even checked that the email address of the sender matched the supplier’s email address.
- The one sign that this was a scam was the change in bank details. Scammers often pose as one of your regular suppliers and tell you that their banking details have changed. They may tell you they have recently changed banks, and may use stolen letterhead and branding or even hacked emails to convince you they are legitimate.
What are some things the business could have done to have avoided the scam?
- The business could have contacted the supplier directly using a second, reliable mode of communication such as a known phone number to verify the request to change bank details.
- The business could consider a multi-person approval process for transactions over a certain dollar threshold with processes in place to ensure the business billing them is the one they normally deal with.
- In this case the supplier’s emails were hacked. The supplier could have had measures in place to avoid their systems being compromised, including keeping their IT security up-to-date by regularly patching their systems, ensuring they regularly run antivirus software and have a good firewall to protect their data.