Loss due to invoice fraud

Hello everyone, I'm a first-time poster, long-time reader, and I'd really appreciate some advice here on a fraud that I was a victim of and what, if anything, I can do from here. Apologies in advance for the long post...

About a month ago I had a new bathroom fitted. I was and still am very happy with the actual work done, but there was an identity fraud committed during the payment process, where a scammer had gained access to the plumbing company's email account and issued me with a fraudulent invoice.

As I was expecting the invoice to come from the plumbing company (and the email did come direct from the company's email account, using their headers, etc., and was for the expected amount) I paid the invoice via a bank transfer and was none the wiser until a second (and this time genuine) invoice came through after the weekend.

It seems that the scammer knew exactly when my job had been finished and was able to time the invoice at the exact right time. The sum lost was over £6,000.

Obviously I reported the fraud immediately to my bank and to the police and Action Fraud, and I have since paid half the sum again to the plumbing company to allow them to pay their staff; this time I paid in person.

I don't feel that I'm 100% responsible for the loss of the sum, and would like the plumbing company to take their share of the loss (I think 50/50 is fair personally) in the event that the banks and the police are unable to retrieve the funds. I have spoken to the plumbing company several times and in our last conversation, where I paid them £3,000, I asked them to consider what part of the loss they feel they can absorb. I've so far had no further contact but I'm anticipating a phone call soon asking for the rest of their money.

If I were to pay the next £3k then in effect that puts the entire fraud loss on me. So, if I were to refuse to pay that and argue that the company should be taking some share in the loss, are there any grounds or legal recourse that I could point to to back up my position?

I don't expect the company to take the whole loss any more than I want to take the whole loss, I just want them to be fair and accept some responsibility for not protecting the access to the email systems. Can I argue with them from any legal standpoint, perhaps around data protection (where they have failed to protect my personal data) or anything like that? They are a small local company, so they won't have much money either and have staff to pay of course. I don't want them to suffer, I just want things to be fair.

Thanks for any advice you can offer.

Comments

  • angryparcel
    angryparcel Posts: 926 Forumite
    The issue may not be their fault, it could be a server issue if the server has been compromised, but I suspect like a lot of companies they will be using WordPress for their website and that has that many holes in it, so users need to always keep up to date with security.
    But I am afraid that unless you can prove that the plumbing company are responsible for this fraud then you will just be relying on their goodwill if they take responsibility for any of this.
  • robatwork
    robatwork Posts: 7,086 Forumite
    So to summarise:

    You have a £6000 bathroom and have so far in good faith paid £9000.
    The company have £3000 and have been victims of an email hack.

    It does seem like if you pay the remaining £3000 then you will be £12000 down and the company would have suffered no loss.

    If it was me then I wouldn't think that reasonable so would be telling them to take me to court and let a judge decide. Get preparing all your paperwork now, and don't do things by phone - do it in writing (or email if you are sure they have fixed the issue).

    For others reading I will say what I have said before on this forum - you may be a long time reader but didn't take this advice that many others have said time and again. When paying a large sum to a new payee (and I think anything over £50 is large), always pay £1 first, then get them to confirm by phone conversation they can see it in their bank. Adds about 1 minute to any transaction.
  • Geoff1963
    Geoff1963 Posts: 1,088 Forumite
    robatwork wrote: »
    When paying a large sum to a new payee (and I think anything over £50 is large), always pay £1 first, then get them to confirm by phone conversation they can see it in their bank. Adds about 1 minute to any transaction.

    Seconded.:T
  • unholyangel
    unholyangel Posts: 16,863 Forumite
    angryparcel wrote: »
    The issue may not be their fault, it could be a server issue if the server has been compromised, but I suspect like a lot of companies they will be using WordPress for their website and that has that many holes in it, so users need to always keep up to date with security.
    But I am afraid that unless you can prove that the plumbing company are responsible for this fraud then you will just be relying on their goodwill if they take responsibility for any of this.

    OP doesn't need to prove they were responsible for the fraud, just that it was within their control, i.e. that the security breach was on their email rather than OP's.

    Given OP mentions an email from the company email account and doesn't mention spoofing, it seems as though the company were the victims, not the OP.

    robatwork wrote: »
    When paying a large sum to a new payee (and I think anything over £50 is large), always pay £1 first, then get them to confirm by phone conversation they can see it in their bank. Adds about 1 minute to any transaction.

    That all depends on the payment method. Even FPI usually isn't instantaneous unless they're with the same bank.
    You keep using that word. I do not think it means what you think it means - Inigo Montoya, The Princess Bride
  • angryparcel
    angryparcel Posts: 926 Forumite
    unholyangel wrote: »
    OP doesn't need to prove they were responsible for the fraud, just that it was within their control, i.e. that the security breach was on their email rather than OP's.

    Given OP mentions an email from the company email account and doesn't mention spoofing, it seems as though the company were the victims, not the OP.

    That all depends on the payment method. Even FPI usually isn't instantaneous unless they're with the same bank.

    I know how these hacks work as in my business it is a constant fight to keep servers secure and get clients to keep their scripts updated. WP is the worst script for vulnerabilities. 1 weak script in a user's website can lead to a major server issue, so yes it is the company that have to take the blame for this, but they should be working with their host to find where the breach is. It could even be down to an employee opening an attachment or a link in an email allowing a keylogger onto their computer and access to the company's systems.
  • unholyangel
    unholyangel Posts: 16,863 Forumite
    angryparcel wrote: »
    I know how these hacks work as in my business it is a constant fight to keep servers secure and get clients to keep their scripts updated. WP is the worst script for vulnerabilities. 1 weak script in a user's website can lead to a major server issue, so yes it is the company that have to take the blame for this, but they should be working with their host to find where the breach is. It could even be down to an employee opening an attachment or a link in an email allowing a keylogger onto their computer and access to the company's systems.

    So why did you tell us earlier that:

    angryparcel wrote: »
    But I am afraid that unless you can prove that the plumbing company are responsible for this fraud then you will just be relying on their goodwill if they take responsibility for any of this.

    As you say, it's up to them to work to find the flaws/holes in their security and take what steps are necessary to counteract it.

    I do hope the OP gets their £3k back.
    You keep using that word. I do not think it means what you think it means - Inigo Montoya, The Princess Bride
  • angryparcel
    angryparcel Posts: 926 Forumite
    unholyangel wrote: »
    So why did you tell us earlier that:

    As you say, it's up to them to work to find the flaws/holes in their security and take what steps are necessary to counteract it.

    I do hope the OP gets their £3k back.

    Because you still have to prove it is an issue with the plumbing company or higher up the chain. If it's a case of the company not upgrading their site scripts then they are not victims as it is of their doing, but if it is an issue with the server then they are victims.
  • robatwork
    robatwork Posts: 7,086 Forumite
    unholyangel wrote: »
    That all depends on the payment method. Even FPI usually isn't instantaneous unless they're with the same bank.

    My personal experience is that Faster Payments have in recent months got faster. I pay to various accounts from my Santander account, and even new ones to different banks have been received pretty much instantly or within a few minutes.

    It seems the whole banking system has improved in recent years finally, as I just returned from abroad and all my Halifax Clarity card payments (through Mastercard) are already showing as debits, and yesterday's transaction is pending. 5-10 years ago it would take days or even a couple of weeks for all foreign transactions to permeate through.
  • angryparcel
    angryparcel Posts: 926 Forumite
    robatwork wrote: »
    My personal experience is that Faster Payments have in recent months got faster. I pay to various accounts from my Santander account, and even new ones to different banks have been received pretty much instantly or within a few minutes.

    It seems the whole banking system has improved in recent years finally, as I just returned from abroad and all my Halifax Clarity card payments (through Mastercard) are already showing as debits, and yesterday's transaction is pending. 5-10 years ago it would take days or even a couple of weeks for all foreign transactions to permeate through.

    Yes, all bank payments are instant these days no matter which bank to bank transactions, even withdrawals from PayPal that used to take up to 9 days arrive in your bank within seconds.
    Even cheques clear quicker now.
  • photome
    photome Posts: 16,360 Forumite
    Geoff1963 wrote: »
    Seconded.:T

    Thirded :)
This discussion has been closed.