Who takes the hit

reideng
Posts: 7 Forumite

Hello everyone, this is my first post and I would like to see your opinions on this matter.
One of my customers, whom we have been dealing with for some time now, received our usual email with a Word doc containing our invoice, but it had been altered between us sending and them receiving; what had been added was a different sort code and account number. We are both with the Royal Bank of Scotland, but the sort code and account no. (should have sent up a red flag) was a PPS bank account. Our customer did not question this by email or phone and went ahead and paid £1640 into this PPS account. We never put our bank details on any emails.
We checked the emails sent from our end with the attached invoice and it was untouched at our end. Looks like someone has been spoofed. Also, the person at our customer in charge of the money was working from home at that time, which makes me ask the question: was her home laptop safe?
So do we lose out, or do they have to pay for our services which they received? We have looked at a few web solicitors and it looks like we should be paid regardless of who got hacked. Thanks, your comments welcome.
Comments
-
One party's web security has been compromised. If it's your customer's, they still owe you the money.
-
Why send it as a doc and not pdf or even a jpeg?
-
reideng said:
One of my customers, whom we have been dealing with for some time now, received our usual email with a Word doc containing our invoice, but it had been altered between us sending and them receiving; what had been added was a different sort code and account number.
Has the customer sent you back the modified word doc?
TBH, I'd be amazed if a scammer was this stupid - but if you have the modified doc, maybe look at "Last Modified By" and "Last Modified" date and time for the doc to see if it shows anything useful.
(Depending on your version of Word this info might be under 'File>Info')
-
Do not assume the email they received with the altered document was the one you sent.
Scammers can and do replicate email addresses; they may follow traffic for a long time to work out typical patterns of emails.
My wife experienced it at her company. A scammer sent emails looking like they were from a subsidiary, same wording for transfer of money, detailing the goods with correct serial numbers etc.
Tracing came out with an account in South America, but even this was a scam and the emails were sent from someone in the UK.
It's on whoever sent the money to the wrong account to flag it as a fraudulent transaction, but they still owe you what is due.
-
This is why I always send a small sum as a test first. Send £1, check with the intended recipient that they got it, then send the rest. Someone gave me that tip years ago and I've done it ever since.
-
Spank said:
Why send it as a doc and not pdf or even a jpeg?
Does that make a difference? It's trivial to forge any of them (until you go as far as e.g. a securely-signed pdf).
OP, have you ever given the customer your bank details by any other method? At least some e.g. law firms now say "we won't send you our bank details by email", or at least provide explicit warnings that this sort of thing goes on so be sure to double check e.g. by phoning.
-
davidmcn said:
Does that make a difference? It's trivial to forge any of them (until you go as far as e.g. a securely-signed pdf).
OP, have you ever given the customer your bank details by any other method? At least some e.g. law firms now say "we won't send you our bank details by email", or at least provide explicit warnings that this sort of thing goes on so be sure to double check e.g. by phoning.
I personally haven't heard of anyone blocking a legitimately sent email, doctoring the attachments and then sending it onwards to the original recipient, but that is the only scenario where, if both parties are being fully honest, this could have happened. It seems more likely either a wrong invoice was sent in the first place or the correct invoice was received and then doctored by the customer. I am guessing this is a B2B relationship and so potentially the person the OP is talking to is being honest but they have an employee that's the culprit.
The first step is obviously to ask them to forward (not reply) the original email to you, and then you need to double check a) that the header details tie up with your email records and b) look at the metadata of the Word file to check created on, last updated on, last updated by etc. to see if it sheds any light on the matter.
-
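The metadata check suggested in the replies above, as an added example that is not part of any forum post: it reads the core properties stored inside a .docx (the values Word shows under File > Info) and compares the copy the sender kept with the copy the customer returned. The two sample files, the author names and the timestamps are constructed for illustration.

```python
import hashlib
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
FIELDS = {"creator": "dc:creator", "last_modified_by": "cp:lastModifiedBy",
          "created": "dcterms:created", "modified": "dcterms:modified",
          "revision": "cp:revision"}

def core_properties(docx_bytes):
    """Read the File > Info fields from docProps/core.xml inside the .docx zip."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("docProps/core.xml"))
    return {name: root.findtext(path, default="", namespaces=NS)
            for name, path in FIELDS.items()}

def compare_copies(sent_bytes, returned_bytes):
    """Report whether the returned file is byte-identical and which properties differ."""
    sent, returned = core_properties(sent_bytes), core_properties(returned_bytes)
    same = hashlib.sha256(sent_bytes).hexdigest() == hashlib.sha256(returned_bytes).hexdigest()
    changed = {k: (sent[k], returned[k]) for k in FIELDS if sent[k] != returned[k]}
    return {"identical": same, "changed": changed}

def sample_docx(author, modified_by, created, modified, revision):
    """Build a constructed, minimal .docx-style package holding only core.xml."""
    xml = (f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
           f'xmlns:dcterms="{NS["dcterms"]}">'
           f'<dc:creator>{author}</dc:creator>'
           f'<cp:lastModifiedBy>{modified_by}</cp:lastModifiedBy>'
           f'<cp:revision>{revision}</cp:revision>'
           f'<dcterms:created>{created}</dcterms:created>'
           f'<dcterms:modified>{modified}</dcterms:modified></cp:coreProperties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", xml)
    return buf.getvalue()

# Constructed sample data, not taken from the thread's actual files.
SENT = sample_docx("Accounts", "Accounts", "2021-03-01T09:00:00Z", "2021-03-01T09:05:00Z", 2)
RETURNED = sample_docx("Accounts", "Windows User", "2021-03-01T09:00:00Z", "2021-03-02T14:30:00Z", 3)

if __name__ == "__main__":
    print(compare_copies(SENT, RETURNED))
```

These properties are written by the editing application and can be changed by anyone who edits the file, so a difference is a lead to follow up alongside the email headers, not proof of who made the change.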
eddddy said:
reideng said:
One of my customers, whom we have been dealing with for some time now, received our usual email with a Word doc containing our invoice, but it had been altered between us sending and them receiving; what had been added was a different sort code and account number.
Has the customer sent you back the modified word doc?
TBH, I'd be amazed if a scammer was this stupid - but if you have the modified doc, maybe look at "Last Modified By" and "Last Modified" date and time for the doc to see if it shows anything useful.
(Depending on your version of Word this info might be under 'File>Info')
Yes, they sent it back to us and I checked it and found it had been modified by "a windows user". He was kind enough to leave his bank details, which led us to Prepaysolutions.com, who are looking into this. Thank you for taking the time to comment.
-
Sandtree said:
davidmcn said:
Does that make a difference? It's trivial to forge any of them (until you go as far as e.g. a securely-signed pdf).
OP, have you ever given the customer your bank details by any other method? At least some e.g. law firms now say "we won't send you our bank details by email", or at least provide explicit warnings that this sort of thing goes on so be sure to double check e.g. by phoning.
I personally haven't heard of anyone blocking a legitimately sent email, doctoring the attachments and then sending it onwards to the original recipient, but that is the only scenario where, if both parties are being fully honest, this could have happened. It seems more likely either a wrong invoice was sent in the first place or the correct invoice was received and then doctored by the customer. I am guessing this is a B2B relationship and so potentially the person the OP is talking to is being honest but they have an employee that's the culprit.
The first step is obviously to ask them to forward (not reply) the original email to you, and then you need to double check a) that the header details tie up with your email records and b) look at the metadata of the Word file to check created on, last updated on, last updated by etc. to see if it sheds any light on the matter.
We are both small companies, 6 and 8 staff, and are just around the corner from each other and have been invoicing each other for a few years. The invoice and the email stating a change of bank details and asking to be paid BACS next day should have sent up a red flag; also, the person who paid the money into the wrong account was off work with Covid and working from home and not using due diligence. When the emails left us they were unmodified; when sent back to us they were modified. Thank you for taking the time and advice.
-
If you have any sort of "cyber insurance", now is the time to contact them. They should be able to both support or carry out investigations, and reimburse you according to their terms.