Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • ConcernedConsumer1254
    • By ConcernedConsumer1254 18th Jun 17, 6:13 PM
    • 1Posts
    • 0Thanks
    ConcernedConsumer1254
    Loss due to invoice fraud
    • #1
    • 18th Jun 17, 6:13 PM
    Loss due to invoice fraud 18th Jun 17 at 6:13 PM
    Hello everyone, I'm a first time poster long time reader and I'd really appreciate some advice here on a fraud that I was a victim of and what if anything I can do from here. Apologies in advance for the long post...

    About a month ago I had a new bathroom fitted, I was and still am very happy with the actual work done, but there was an identity fraud committed during the payment process, where a scammer had gained access to the plumbing companies email account and issued me with a fraudulent invoice.

    As I was expecting the invoice to come from the plumbing company (and the email did come direct from the companies email account, using their headers, etc and was for the expected amount) I paid the invoice via a bank transfer and was none the wiser until a second (and this time genuine) invoice came through after the weekend.

    It seems that the scammer knew exactly when my job had been finished and was able to time the invoice at the exact right time. The sum lost was over £6,000.

    Obviously I reported the fraud immediately to my bank and to the police and action fraud, and I have since paid half the sum again to the plumbing company to allow them to pay their staff, this time I paid in person.

    I don't feel that I'm 100% responsible for the loss of the sum, and would like the plumbing company to take their share of the loss (I think 50/50 is fair personally) in the event that the banks and the police are unable to retrieve the funds. I have spoken to the plumbing company several times and in our last conversation, where I paid them £3,000, I asked them to consider what part of the loss they feel they can absorb. I've so far had no further contact but I'm anticipating a phone call soon asking for the rest of their money.

    If I were to pay the next £3k then in effect that puts the entire fraud loss on me. So, if I were to refuse to pay that and argue that the company should be taking some share in the loss, is there any grounds or legal recourse that I could point to to backup my position?

    I don't expect the company to take the whole loss any more that I want to take the whole loss, I just want them to be fair and accept some responsibility for not protecting the access to the email systems. Can I argue with them from any legal standpoint, perhaps around data protection (where they have failed to protect my personal data) or anything like that? They are a small local company, so they won't have much money either and have staff to pay of course. I don't want them to suffer, I just want things to be fair.

    Thanks for any advice you can offer.
Page 1
    • angryparcel
    • By angryparcel 18th Jun 17, 6:21 PM
    • 910 Posts
    • 515 Thanks
    angryparcel
    • #2
    • 18th Jun 17, 6:21 PM
    • #2
    • 18th Jun 17, 6:21 PM
    The issue may not be their fault, it could be a server issue if the server has been compromised, but i suspect like a lot of companies they will be using wordpress for their website and that has that many holes in it, so users need to always keep upto date with security.
    But i am afraid that unless you can prove that the plumbing company are responsible for this fraud then you will just relying on their goodwill if they take responsibility for any of this.
    • robatwork
    • By robatwork 18th Jun 17, 7:15 PM
    • 3,869 Posts
    • 4,189 Thanks
    robatwork
    • #3
    • 18th Jun 17, 7:15 PM
    • #3
    • 18th Jun 17, 7:15 PM
    So to summarise:

    You have a £6000 bathroom and have so far in good faith paid £9000.
    The company have £3000 and have been victims of an email hack.

    It does seem like if you pay the remaining £3000 then you will be £12000 down and the company would have suffered no loss.

    If it was me then I wouldn't think that reasonable so would be telling them to take me to court and let a judge decide. Get preparing all your paperwork now, and don't do things by phone - do it in writing (or email if you are sure they have fixed the issue).

    For others reading I will say what I have said before on this forum - you may be a long time reader but didn't take this advice that many others have said time and again. When paying a large sum to a new payee (and I think anything over £50 is large), always pay £1 first, then get them to confirm by phone conversation they can see it in their bank. Adds about 1 minute to any transaction.
    • Geoff1963
    • By Geoff1963 18th Jun 17, 7:53 PM
    • 956 Posts
    • 598 Thanks
    Geoff1963
    • #4
    • 18th Jun 17, 7:53 PM
    • #4
    • 18th Jun 17, 7:53 PM
    When paying a large sum to a new payee (and I think anything over £50 is large), always pay £1 first, then get them to confirm by phone conversation they can see it in their bank. Adds about 1 minute to any transaction.
    Seconded.
    • unholyangel
    • By unholyangel 18th Jun 17, 8:21 PM
    • 11,144 Posts
    • 8,394 Thanks
    unholyangel
    • #5
    • 18th Jun 17, 8:21 PM
    • #5
    • 18th Jun 17, 8:21 PM
    The issue may not be their fault, it could be a server issue if the server has been compromised, but i suspect like a lot of companies they will be using wordpress for their website and that has that many holes in it, so users need to always keep upto date with security.
    But i am afraid that unless you can prove that the plumbing company are responsible for this fraud then you will just relying on their goodwill if they take responsibility for any of this.
    Originally posted by angryparcel
    OP doesn't need to prove they were responsible for the fraud, just that it was within their control. ie that the security breach was on their email rather than OPs.

    Given OP mentions a email from the company email account and doesn't mention spoofing, it seems as though the company were the victims, not the OP.

    When paying a large sum to a new payee (and I think anything over £50 is large), always pay £1 first, then get them to confirm by phone conversation they can see it in their bank. Adds about 1 minute to any transaction.
    Originally posted by robatwork
    That all depends on the payment method. Even FPI usually isn't instantaneous unless they're with the same bank.
    Money doesn't solve poverty.....it creates it.
    • angryparcel
    • By angryparcel 18th Jun 17, 8:34 PM
    • 910 Posts
    • 515 Thanks
    angryparcel
    • #6
    • 18th Jun 17, 8:34 PM
    • #6
    • 18th Jun 17, 8:34 PM
    OP doesn't need to prove they were responsible for the fraud, just that it was within their control. ie that the security breach was on their email rather than OPs.

    Given OP mentions a email from the company email account and doesn't mention spoofing, it seems as though the company were the victims, not the OP.



    That all depends on the payment method. Even FPI usually isn't instantaneous unless they're with the same bank.
    Originally posted by unholyangel
    I know how these hacks work as in my business it is a constant fight to keep servers secure and get clients to keep their scripts updated. WP is the worse script for vulnerabilities. 1 weak script in a users website can lead to a major server issue, so yes it is the company that have to take the blame for this, but they should be working with their host to find where the breach is, it could even be down to an employee opening an attachment or a link in an email allowing a keylogger onto their computer and access to the companies systems
    • unholyangel
    • By unholyangel 18th Jun 17, 9:04 PM
    • 11,144 Posts
    • 8,394 Thanks
    unholyangel
    • #7
    • 18th Jun 17, 9:04 PM
    • #7
    • 18th Jun 17, 9:04 PM
    I know how these hacks work as in my business it is a constant fight to keep servers secure and get clients to keep their scripts updated. WP is the worse script for vulnerabilities. 1 weak script in a users website can lead to a major server issue, so yes it is the company that have to take the blame for this, but they should be working with their host to find where the breach is, it could even be down to an employee opening an attachment or a link in an email allowing a keylogger onto their computer and access to the companies systems
    Originally posted by angryparcel
    So why did you tell us earlier that:
    But i am afraid that unless you can prove that the plumbing company are responsible for this fraud then you will just relying on their goodwill if they take responsibility for any of this.
    Originally posted by angryparcel
    As you say, its up to them to work to find the flaws/holes in their security and take what steps are necessary to counteract it.

    I do hope the OP gets their £3k back.
    Money doesn't solve poverty.....it creates it.
    • angryparcel
    • By angryparcel 18th Jun 17, 9:39 PM
    • 910 Posts
    • 515 Thanks
    angryparcel
    • #8
    • 18th Jun 17, 9:39 PM
    • #8
    • 18th Jun 17, 9:39 PM
    So why did you tell us earlier that:


    As you say, its up to them to work to find the flaws/holes in their security and take what steps are necessary to counteract it.

    I do hope the OP gets their £3k back.
    Originally posted by unholyangel
    because you still have to prove it is an issue with the plumbing company or higher up the chain. if its a case of the company not upgrading their site scripts then they are not victims as it of their doing, but if it an issue with the server then they are victims.
    • robatwork
    • By robatwork 18th Jun 17, 10:44 PM
    • 3,869 Posts
    • 4,189 Thanks
    robatwork
    • #9
    • 18th Jun 17, 10:44 PM
    • #9
    • 18th Jun 17, 10:44 PM
    That all depends on the payment method. Even FPI usually isn't instantaneous unless they're with the same bank.
    Originally posted by unholyangel
    My personal experience is that Faster Payments have in recent months got faster. I pay to various accounts from my Santander account, and even new ones to different banks have been received pretty much instantly or within a few minutes.

    It seems the whole banking system has improved in recent years finally, as I just returned from abroad and all my Halifax Clarity card payments (through mastercard) are already showing as debits, and yesterday's transaction is pending. 5-10 years ago it would take days or even a couple of weeks for all foreign transactions to permeate through.
    • angryparcel
    • By angryparcel 18th Jun 17, 11:23 PM
    • 910 Posts
    • 515 Thanks
    angryparcel
    My personal experience is that Faster Payments have in recent months got faster. I pay to various accounts from my Santander account, and even new ones to different banks have been received pretty much instantly or within a few minutes.

    It seems the whole banking system has improved in recent years finally, as I just returned from abroad and all my Halifax Clarity card payments (through mastercard) are already showing as debits, and yesterday's transaction is pending. 5-10 years ago it would take days or even a couple of weeks for all foreign transactions to permeate through.
    Originally posted by robatwork
    yes all bank payments are instant these days no matter which bank to bank transactions, even withdrawals from Paypal that used to take upto 9 days arrives in your bank within seconds.
    even cheques clear quicker now
    • photome
    • By photome 19th Jun 17, 6:53 AM
    • 12,596 Posts
    • 8,077 Thanks
    photome
    Seconded.
    Originally posted by Geoff1963

    thirded
    • agrinnall
    • By agrinnall 19th Jun 17, 8:10 AM
    • 18,142 Posts
    • 13,846 Thanks
    agrinnall
    yes all bank payments are instant these days no matter which bank to bank transactions, even withdrawals from Paypal that used to take upto 9 days arrives in your bank within seconds.
    even cheques clear quicker now
    Originally posted by angryparcel
    Mostly nonsense, if you don't understand the banking system don't pretend that you do.

    Not all bank payments are instant, some are very quick (seconds), some take a few minutes, some take a few hours, some happen overnight, and some are completed by the end of the next business day. All in accordance with the Payment Services Regulations 2009.

    Cheque clearing is no different (yet) than it has been for many years.
    • angryparcel
    • By angryparcel 19th Jun 17, 8:34 AM
    • 910 Posts
    • 515 Thanks
    angryparcel
    Mostly nonsense, if you don't understand the banking system don't pretend that you do.

    Not all bank payments are instant, some are very quick (seconds), some take a few minutes, some take a few hours, some happen overnight, and some are completed by the end of the next business day. All in accordance with the Payment Services Regulations 2009.

    Cheque clearing is no different (yet) than it has been for many years.
    Originally posted by agrinnall
    i have accounts with natwest, barclays and lloyds and all are instant when i make transfers from 1 to the other. cheques clear within 2 days now rather than 3 to 4 days
    • Gleeful
    • By Gleeful 19th Jun 17, 10:35 AM
    • 1,882 Posts
    • 7,355 Thanks
    Gleeful
    As I understand it, you paid in good faith and the email came from the plumbers email account. I wouldn't even have paid the additional 3K. The plumbing company are the victim of a crime, not you. It would be for them to report it to the police.
    • agrinnall
    • By agrinnall 19th Jun 17, 2:25 PM
    • 18,142 Posts
    • 13,846 Thanks
    agrinnall
    i have accounts with natwest, barclays and lloyds and all are instant when i make transfers from 1 to the other. cheques clear within 2 days now rather than 3 to 4 days
    Originally posted by angryparcel
    Anecdotal evidence on the first part, backing up what I said about the PSRs, and just wrong on the second.

    This is what actually happens with cheque clearing

    https://www.chequeandcredit.co.uk/information-hub/faqs/2-4-6-cheque-clearing-timescales

    However, one day clearing is scheduled to start in October.

    http://www.bbc.co.uk/news/business-39351793
    • Hermione Granger
    • By Hermione Granger 19th Jun 17, 2:35 PM
    • 727 Posts
    • 1,114 Thanks
    Hermione Granger
    cheques clear within 2 days now rather than 3 to 4 days
    Originally posted by angryparcel
    Your bank may well allow you access to the funds from the cheque after 2 days but this doesn't mean that the cheque has cleared.
    It still needs 6 full working days between the cheque being deposited in an account and the possibility of the payee having the money removed from their account should the cheque bounce.
    • unholyangel
    • By unholyangel 19th Jun 17, 2:59 PM
    • 11,144 Posts
    • 8,394 Thanks
    unholyangel
    Your bank may well allow you access to the funds from the cheque after 2 days but this doesn't mean that the cheque has cleared.
    It still needs 6 full working days between the cheque being deposited in an account and the possibility of the payee having the money removed from their account should the cheque bounce.
    Originally posted by Hermione Granger
    Cheques can bounce several months later. Its rare mind you, just always wise to keep things like that in mind when scammers are a possibility!

    Was a case with the financial ombudsman if I remember right, involving one of those types of scams where they send you a cheque for say £10k, ask you to pay them/a third party £xk and keep the rest. Guy had specifically asked his bank if it had cleared and if there were any problems. Bank had told him it was all fine. He withdrew the money, passed it over to the scammer and then a few months later, bank came back and said it had bounced. Ombudsman upheld his complaint - but only due to the fact he had questioned the bank about the validity of that specific payment.
    Money doesn't solve poverty.....it creates it.
    • Hermione Granger
    • By Hermione Granger 19th Jun 17, 3:27 PM
    • 727 Posts
    • 1,114 Thanks
    Hermione Granger
    Cheques can bounce several months later. Its rare mind you, just always wise to keep things like that in mind when scammers are a possibility!
    Originally posted by unholyangel
    Provided you have accepted the cheque in good faith and it is a Sterling cheque from a UK bank then if it bounces more than 6 full days after being presented to the bank, the money can't be reclaimed from your account.
    If this happens, the loss has to be born by the banks (or the person who provided the cheque if they can be traced).

    The case you mention probably happened because I would have thought that any sensible person would have, or should have thought it was suspicious and it probably made it appear that the payee knew there was something dodgy going on.
    • angryparcel
    • By angryparcel 19th Jun 17, 3:39 PM
    • 910 Posts
    • 515 Thanks
    angryparcel
    about 20 years ago when i sold PCs, i once got an order from Cornwall who paid by cheque. the cheque was from The Kodak Foundation in the USA, which seemed strange, so i contacted the foundation and was told the cheque was fine ( i took the persons name who told me this), so stuck it in my bank and waiting as with it from a USA bank the physical cheque had to go from my bank to the USA bank to be cleared and then funds sent to my bank to be placed in my account which takes upto a month ( well did then), 2 weeks later i got a call from the police to say someone would like to call and discuss this cheque, well an officer come and explained the cheque was stolen, but because i have contacted the foundation about the cheque and as the cheque had to go to the USA and back again then they could do nothing to recover the funds
    • Hermione Granger
    • By Hermione Granger 19th Jun 17, 3:44 PM
    • 727 Posts
    • 1,114 Thanks
    Hermione Granger
    As the cheque you refer to was from a bank in the USA it wouldn't be covered by the 2-4-6 process so the money would always have been at risk should the cheque have been fraudulent.
    It's only Sterling cheques from a UK bank that are covered.
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

3,505Posts Today

4,613Users online

Martin's Twitter