Author Topic: Change of Banking details scam - a cautionary tale  (Read 697 times)

Change of Banking details scam - a cautionary tale
« on: February 11, 2021, 10:13:08 pm »
This has just happened to SiL and his business.

The scam is, when you send an invoice to a client, the scammer then sends a follow up email saying "our bank account details have changed please pay a.n.other"  You think this could not happen to you? Well it might not, but here are the salient details.

Their email account was hacked, exactly how is open to question, from an IP address in Nigeria. For several weeks they monitored the account, observing the flow, deleting phishing mails to ward off competition. They used hotmail as their email account, and several people had access. I could see the access pattern in the logs. They waited until they sent out a large invoice and struck. Despite the account looking fishy in the extreme (the account name was a random individual, not a company) they paid it, it appears there was an autorespond set up to "confirm" the account details when the customer queried. Of course, the actual scam is against the customer who hasn't paid, but things aren't always that simple.

Anyhoo. 2fa is set up now. I can't find a control in Microsoft to invalidate machines that are logged in, but the damage is done.

Simple password hygiene would have avoided that, as would regular security checkups on account activity. If you are running a small business, ask yoiurself what controls you have in place to stop that happening.

Feanor

  • It's mostly downhill from here.
Re: Change of Banking details scam - a cautionary tale
« Reply #1 on: February 11, 2021, 10:26:47 pm »
I'm struggling to understand your post.
Can you edit it to clarify stuff?

I'm not clear if your SiL is the person requesting payment, or sending it.
I'd guess sending it, if they have been scammed.
But you say the have a business, and have clients who are paying. so ????

But the flow of stuff beyond there is incomprehensible to me.
What e-mail was hacked? The seller, or the buyer?
Who sent out large invoices?
What account name was random?
Who paid what to who?
What is the details of the autorespond you mention?

Re: Change of Banking details scam - a cautionary tale
« Reply #2 on: February 11, 2021, 10:32:07 pm »
Will fill in the details, but

SiL business does work for Client.

SiL sends invoice to client via email (account has been hacked and is being monitored by hacker)

Hacker sees the invoice go out and sends a request (using business email) to client to pay to a different account

client emails back, "are you sure"

autorespond set up by hacker (or possibly just hacker) says "yes"

Money gets transferred to new, random account and hacker bounces money out to Nigeria.

Re: Change of Banking details scam - a cautionary tale
« Reply #3 on: February 11, 2021, 10:32:35 pm »
I. Ow have several invoices from different firms stating that their ban details have been stable for many years and any email suggesting a change must be ignored.
A friend was almost scammed like this about 2 years ago.

DaveJ

  • Happy days
Re: Change of Banking details scam - a cautionary tale
« Reply #4 on: February 11, 2021, 11:21:29 pm »
In the variation that I heard about, I think the email account was hacked of a firm (A) who had been about to pay another small business (B).  It was for some new work, and anyway the firm (A) did not have the bank details for (B) already set up in the payment system.

The small Business (B) sent an invoice to the form (A).  They had a copy of the email that they had sent in their Sent folder, and that had the correct bank details in it.  The firm (A) just had a print of the PDF that they had received, and the bank details on that were different.

What they guessed was, the firm (A) received the invoice email from the small business (B).  The scammers removed it from the Inbox.  Rebuilt the attached PDF invoice with different bank details, and sent it back to the original recipients (A), spoofing the sending address so it looked like it came from (B).  The firm (A) paid the invoice and all appeared OK until the other small business (B) started chasing up where was their money.

There were other possible explanations, but they all meant that someone at working one of these firms was on the take, and the people who ran the firms chose not to think that.

Anyway, the firm (A) who paid the invoice to the wrong bank account ended up about £5k out of pocket.
 

fuaran

  • rothair gasta
Re: Change of Banking details scam - a cautionary tale
« Reply #5 on: February 11, 2021, 11:58:13 pm »
Bank transfers should now use "Confirmation of Payee". So it checks whether the name entered matches the one registered for that account number.
So that should help to warn you if the money is not going where you expect.

Though seems it is not supported by all banks yet.
https://www.which.co.uk/news/2020/03/confirmation-of-payee-which-banks-are-ready-to-offer-vital-name-checking-service/

Jaded

  • The Codfather
  • Formerly known as Jaded
Re: Change of Banking details scam - a cautionary tale
« Reply #6 on: February 12, 2021, 01:46:19 am »
BoS and Lloyds both do that.
If you don't like your democracy, vote against it.

Re: Change of Banking details scam - a cautionary tale
« Reply #7 on: February 12, 2021, 06:48:14 am »
Regrettably in this instance the target bank account details matched the instructions. Why the payment was made to a Mrs Trellis in North Wales (almost literally), instead of to a limited company is anyone's guess.

The moral of all this is the potential vulnerability and impact of mail.

tiermat

  • According to Jane, I'm a Unisex SpaceAdmin
Re: Change of Banking details scam - a cautionary tale
« Reply #8 on: February 12, 2021, 07:56:10 am »
Bank transfers should now use "Confirmation of Payee". So it checks whether the name entered matches the one registered for that account number.
So that should help to warn you if the money is not going where you expect.

Though seems it is not supported by all banks yet.
https://www.which.co.uk/news/2020/03/confirmation-of-payee-which-banks-are-ready-to-offer-vital-name-checking-service/

Currently only for personal account, IIRC, not business accounts.

This kind of attack is known is really common, so much so that the big banks give you training on how to spot it.

Sorry to hear that your SiL has become a victim, Ham.  Password hygeine and confirmation via a different route (email received, phone client to confirm) are the two most effective ways of combating it.
I feel like Captain Kirk, on a brand new planet every day, a little like King Kong on top of the Empire State

Re: Change of Banking details scam - a cautionary tale
« Reply #9 on: February 12, 2021, 08:01:31 am »
I think this is basically what scammers have been doing with solicitors email and large transfers for some years now.  I spent an awful lot of time keeping elderly FiL away from emails and online transactions for both the sale and purchase activities.

I know of a couple of instances where interception fraud has happened and it's really not nice.  Only the mega rich can ride such potential losses.

Terribly painful:  sorry to hear that your SiL has become a victim.

Jaded

  • The Codfather
  • Formerly known as Jaded
Re: Change of Banking details scam - a cautionary tale
« Reply #10 on: February 12, 2021, 09:10:38 am »
Bank transfers should now use "Confirmation of Payee". So it checks whether the name entered matches the one registered for that account number.
So that should help to warn you if the money is not going where you expect.

Though seems it is not supported by all banks yet.
https://www.which.co.uk/news/2020/03/confirmation-of-payee-which-banks-are-ready-to-offer-vital-name-checking-service/

Currently only for personal account, IIRC, not business accounts.

This kind of attack is known is really common, so much so that the big banks give you training on how to spot it.

Sorry to hear that your SiL has become a victim, Ham.  Password hygeine and confirmation via a different route (email received, phone client to confirm) are the two most effective ways of combating it.

I’ve set up two on the last fortnight, one new one and one when I’ve been informed the banking details have changed. Both were to businesses and in both cases the names were checked out. Banks as mentioned above...
If you don't like your democracy, vote against it.

Change of Banking details scam - a cautionary tale
« Reply #11 on: February 12, 2021, 01:21:28 pm »
Bank transfers should now use "Confirmation of Payee". So it checks whether the name entered matches the one registered for that account number.
So that should help to warn you if the money is not going where you expect.

Though seems it is not supported by all banks yet.
https://www.which.co.uk/news/2020/03/confirmation-of-payee-which-banks-are-ready-to-offer-vital-name-checking-service/

Currently only for personal account, IIRC, not business accounts.

This kind of attack is known is really common, so much so that the big banks give you training on how to spot it.

Sorry to hear that your SiL has become a victim, Ham.  Password hygeine and confirmation via a different route (email received, phone client to confirm) are the two most effective ways of combating it.

I’ve set up two on the last fortnight, one new one and one when I’ve been informed the banking details have changed. Both were to businesses and in both cases the names were checked out. Banks as mentioned above...
In this case the bank details matched though.

You have some work done by abc ltd. They email you an invoice. They then seemingly email you saying please pay it to mr smith and mr smiths bank details. You reply saying “really ?”. They say yes. You pay the money to mr smith.

Jaded

  • The Codfather
  • Formerly known as Jaded
Re: Change of Banking details scam - a cautionary tale
« Reply #12 on: February 12, 2021, 01:25:15 pm »
Bank transfers should now use "Confirmation of Payee". So it checks whether the name entered matches the one registered for that account number.
So that should help to warn you if the money is not going where you expect.

Though seems it is not supported by all banks yet.
https://www.which.co.uk/news/2020/03/confirmation-of-payee-which-banks-are-ready-to-offer-vital-name-checking-service/

Currently only for personal account, IIRC, not business accounts.

This kind of attack is known is really common, so much so that the big banks give you training on how to spot it.

Sorry to hear that your SiL has become a victim, Ham.  Password hygeine and confirmation via a different route (email received, phone client to confirm) are the two most effective ways of combating it.

I’ve set up two on the last fortnight, one new one and one when I’ve been informed the banking details have changed. Both were to businesses and in both cases the names were checked out. Banks as mentioned above...
In this case the bank details matched though.

You have some work done by abc ltd. They email you an invoice. They then seemingly email you saying please pay it to mr smith and mr smiths bank details. You reply saying “really ?”. They say yes. You pay the money to mr smith.
I'm, not sure I would. I'd phone up. Its about spending money...
If you don't like your democracy, vote against it.

Re: Change of Banking details scam - a cautionary tale
« Reply #13 on: February 12, 2021, 01:30:33 pm »
Bank transfers should now use "Confirmation of Payee". So it checks whether the name entered matches the one registered for that account number.
So that should help to warn you if the money is not going where you expect.

Though seems it is not supported by all banks yet.
https://www.which.co.uk/news/2020/03/confirmation-of-payee-which-banks-are-ready-to-offer-vital-name-checking-service/

Currently only for personal account, IIRC, not business accounts.

This kind of attack is known is really common, so much so that the big banks give you training on how to spot it.

Sorry to hear that your SiL has become a victim, Ham.  Password hygeine and confirmation via a different route (email received, phone client to confirm) are the two most effective ways of combating it.

I’ve set up two on the last fortnight, one new one and one when I’ve been informed the banking details have changed. Both were to businesses and in both cases the names were checked out. Banks as mentioned above...
In this case the bank details matched though.

You have some work done by abc ltd. They email you an invoice. They then seemingly email you saying please pay it to mr smith and mr smiths bank details. You reply saying “really ?”. They say yes. You pay the money to mr smith.
I'm, not sure I would. I'd phone up. Its about spending money...
It doesn’t have to work all the time, you only need the occasional success.

fboab

  • It's a fecking serious business, riding a bike
Re: Change of Banking details scam - a cautionary tale
« Reply #14 on: February 12, 2021, 01:37:58 pm »
A previous company I worked for was scammed out of $90,000 like this.

Good practise is to follow any request to change bank details with a phone call to the company requesting.

TSS is not Total Sex Score, Chris!

citoyen

  • Occasionally rides a bike
Re: Change of Banking details scam - a cautionary tale
« Reply #15 on: February 12, 2021, 01:44:38 pm »
They then seemingly email you saying please pay it to mr smith and mr smiths bank details. You reply saying “really ?”. They say yes.

What would you expect them to say? "Actually, no, I'm a scammer."

If you get what looks like a dodgy email, replying to the email strikes me as not the smartest way of seeking verification.

I get that it's easy to be taken in by sophisticated scams though, so I'm not unsympathetic to the victim. There are some vicious/clever bastards out there.
"The future's all yours, you lousy bicycles."

Jaded

  • The Codfather
  • Formerly known as Jaded
Re: Change of Banking details scam - a cautionary tale
« Reply #16 on: February 12, 2021, 01:45:53 pm »
Bank transfers should now use "Confirmation of Payee". So it checks whether the name entered matches the one registered for that account number.
So that should help to warn you if the money is not going where you expect.

Though seems it is not supported by all banks yet.
https://www.which.co.uk/news/2020/03/confirmation-of-payee-which-banks-are-ready-to-offer-vital-name-checking-service/

Currently only for personal account, IIRC, not business accounts.

This kind of attack is known is really common, so much so that the big banks give you training on how to spot it.

Sorry to hear that your SiL has become a victim, Ham.  Password hygeine and confirmation via a different route (email received, phone client to confirm) are the two most effective ways of combating it.

I’ve set up two on the last fortnight, one new one and one when I’ve been informed the banking details have changed. Both were to businesses and in both cases the names were checked out. Banks as mentioned above...
In this case the bank details matched though.

You have some work done by abc ltd. They email you an invoice. They then seemingly email you saying please pay it to mr smith and mr smiths bank details. You reply saying “really ?”. They say yes. You pay the money to mr smith.
I'm, not sure I would. I'd phone up. Its about spending money...
It doesn’t have to work all the time, you only need the occasional success.

OK, what are you actually saying? Don't transfer money at all?
If you don't like your democracy, vote against it.

Re: Change of Banking details scam - a cautionary tale
« Reply #17 on: February 12, 2021, 01:49:58 pm »
Bank transfers should now use "Confirmation of Payee". So it checks whether the name entered matches the one registered for that account number.
So that should help to warn you if the money is not going where you expect.

Though seems it is not supported by all banks yet.
https://www.which.co.uk/news/2020/03/confirmation-of-payee-which-banks-are-ready-to-offer-vital-name-checking-service/

Currently only for personal account, IIRC, not business accounts.

This kind of attack is known is really common, so much so that the big banks give you training on how to spot it.

Sorry to hear that your SiL has become a victim, Ham.  Password hygeine and confirmation via a different route (email received, phone client to confirm) are the two most effective ways of combating it.

I’ve set up two on the last fortnight, one new one and one when I’ve been informed the banking details have changed. Both were to businesses and in both cases the names were checked out. Banks as mentioned above...
In this case the bank details matched though.

You have some work done by abc ltd. They email you an invoice. They then seemingly email you saying please pay it to mr smith and mr smiths bank details. You reply saying “really ?”. They say yes. You pay the money to mr smith.
I'm, not sure I would. I'd phone up. Its about spending money...
It doesn’t have to work all the time, you only need the occasional success.

OK, what are you actually saying? Don't transfer money at all?
Phoning up as you suggested. I am just pointing even if 99 out of 100 people phone up to confirm, the scammers are still on a winner.

Re: Change of Banking details scam - a cautionary tale
« Reply #18 on: February 12, 2021, 01:55:17 pm »
They then seemingly email you saying please pay it to mr smith and mr smiths bank details. You reply saying “really ?”. They say yes.

What would you expect them to say? "Actually, no, I'm a scammer."

If you get what looks like a dodgy email, replying to the email strikes me as not the smartest way of seeking verification.

I get that it's easy to be taken in by sophisticated scams though, so I'm not unsympathetic to the victim. There are some vicious/clever bastards out there.
Some work on being very clever, others depend on luck. If you receive an email saying there was a problem with your PayPal payment click here. Most of the time you would ignore it. If however seconds before you had made a PayPal payment and you were in a rush you might just click on it.

Mrs Pingu

  • Who ate all the pies? Me
    • Twitter
Re: Change of Banking details scam - a cautionary tale
« Reply #19 on: February 12, 2021, 05:07:36 pm »
I think this is basically what scammers have been doing with solicitors email and large transfers for some years now.  I spent an awful lot of time keeping elderly FiL away from emails and online transactions for both the sale and purchase activities.

How does one get around that these days?
Do not clench. It only makes it worse.