Despair after being scammed

billposters2

Dear Sir,

I am writing this as a journal in the hope that something in it may assist me to regain stolen funds.

As some background, I have for many years(since 2008) owned a small retail business (newsagents), by way of providing an income for my wife and myself.

We had differing disciplines and chose this as we could work together, although my background is in engineering, my wife was an administrator.

In 2015 I took a self employed position in an engineering firm, which I now own, as well as my shop role.

Sadly in 2017 after a long illness, my wife passed away and I kept the business going with staff, but with the newspaper trade in decline, I decided to sell the shop while it was still profitable on 9th January 2023, my former member of staff assisting with any subsequent transactions arising, as certain items mainly newspapers, and wages, needed to be paid for after my departure and she dealt with the admin as usual or I called into the shop.

Using some of the funds from the shop, I purchased the engineering company at the same time because the original owner wanted to retire.

I moved accommodation from the shop to a much more modest abode, and living alone, my outgoings are relatively small, so in the knowledge that I had adequate reserve, and my income usually outweighed my expenditure, it was rare for me to live on-line checking my accounts.

I had spoken with HSBC about a new account for the new business, but was told to maintain the original account, and add an additional “trading arm”

Having owned this new business for just a couple of months, I made it my habit to pay my suppliers, metal, utilities etc. on or as near to the first working day of the month.

It was while doing this that my card was declined, at first I thought I had gotten a security question wrong or something similar, as I only conduct financial business by card or at the branch, so having felt embarrassed at getting things wrong I went to my branch of HSBC, in the hope of refreshing my credentials and continuing thereafter.

While there, I requested a statement for the business account so I could precisely see my position.

To my horror, not only was there no funds, but I was in overdraft over my agreed limit of £500 making a total overdraft of £700 +.

On scrutinising the statement, I could see several payments that were not recognisable by name or amount.

I reported this to the staff member, who was initially rather unhelpful, and having checked the payments was of the opinion that either I or my admin person had made these payments.

I definitely made no such payments and my administrator would never pay anything without my authority.

There were 11 payments taken over some weeks, these are

2/2/23 £5000

3/2/23 £5000

7/2/23 £5000

20/2/23 £5000

1/3/23 £500

2/3/23 £500

12/3/23 £500

21/3/23 £1000

31/3/23 £500

13/4/23 £500

19/4/23 £250 totalling £23750.00

The staff member put a “trace” on the payments and it would seem some went to a Lloyds account, the rest went to another HSBC account by some kind of business transfer, the manes given are not known to me although one is identical to the buyer of my shop, the other is unknown.

I made numerous phone calls, many from the branch, to HSBC regarding these transactions and was told they were investigating.

Three days later I put my concerns on paper by way of complaint, which up to that point and after all the phone calls, still had not been noted, even after telling the staff.

It has been an added complication in that there were many language and telephony issues, resulting in making many calls from the branch.

The recipients of these payments are not known to me, have never provided me with goods or services, and therefore would never need paying.

I reported the matter to the police by on-line fraud notification, but it seems they largely just collate the information for statistics.

I have no technical knowledge as far as computers are concerned, but in the hundreds of times this affair has traversed my mind, I have looked for a connection between my account, Lloyds and HSBC.

The only link that I can establish is that the internet contract and the card payment machine was taken over by the new buyer, and my contract ended. The payments taken were sent to Lloyds Cardnet, who after rental and fees paid commission to my HSBC account.

At the time these payments started, there was a large amount of new tech installed at the shop, which I gather can display bank accounts, cameras and much else, I would wonder if this tech can be used to access other accounts historically served by the internet link.

My contentions are,

I was never notified of such large amounts leaving my account,

Such payments were made to names with no trading history with me,

The HSBC must have some kind of reportage as far as IPadresses, times etc. to where the payments were made, so as such I have no parties to pursue legally, they maintain its a data protection issue,

The HSBC account into which some of the funds were paid, should be easy to look into and contact, it was certainly open on 19thApril 2023

The HSBC must assume that I have been in some way negligent, it is not possible to leave a bank app open and walk away, it times you out,

I was criticised for not closing the account after selling the business, having been told to keep it going by (Removed by Forum Team) of HSBC on 1st February, hopefully this is still recorded,

I will happily swear an affidavit that I have never disclosed, to any person outside of my employ, any access information regarding my account.

I have been offered no assistance to survive subsequently, I will have to borrow from a family member to maintain myself and ask my customers to pay invoices earlier than their systems permit.

I have been paying charges for this account, surely this involves safe administration

I have today, 2 weeks hence, received a e-mail from HSBC, saying that they can see no failure in their systems and decline any recourse from me.

But I have received some uplifting e-mails regarding the interest rates for non authorised overdrafts.

(Removed by Forum Team)

Exodi

I wish you didn't post this in extra small text!

Could you clear something up for me:

"the names given are not known to me although one is identical to the buyer of my shop, the other is unknown."

What has happened regarding this, it seems like a key point but you didn't really go in to further? Are you saying the buyer of your business has stolen thousands of pounds from you after the sale? Have you spoken to him about it?

I think perhaps the most interesting thing is the amounts:

2/2/23 £5000

3/2/23 £5000

7/2/23 £5000

20/2/23 £5000

1/3/23 £500

2/3/23 £500

12/3/23 £500

21/3/23 £1000

31/3/23 £500

13/4/23 £500

19/4/23 £250

In particular that they start off very high, then immediately decrease. This (to me) suggests the person withdrawing these funds either was able to view the balance of the account, or was at least aware of it. It seems they didn't just have the card details, but  total access to the account (much harder for a total stranger to pull off).

I think all of the information about the card payment software is irrelevant, as I don't think you can make payments from it.

I'm not sure what this 'tech' which can 'display bank accounts' is about. Virtually all banks require 2FA - whether a physically card reader or at least secret passcodes.

The cynical side of me thinks this is an inside job.

"I reported this to the staff member, who was initially rather unhelpful, and having checked the payments was of the opinion that either I or my admin person had made these payments.

I definitely made no such payments and my administrator would never pay anything without my authority."

If people out-rightly admitted what they had done on the spot, we would save a lot of tax money on the police, forensics, courts, etc.

I understand it is hard to think about those close to us acting maliciously, but I would say you should keep an open mind.

comeandgo

You state it can’t be your administrator, why can’t it be?  Have you googled the unknown name who got the money?  I think you need help, do you have an accountant or solicitor who helped with the sale of your business?

Momanns

HSBC would have looked at how the payments were made including device ID/IP address to see if this matched any previous payments which leads me to suspect they did. They will also have found it suspicious that the payments were made over a matter of months and only just reported.

HSBC do not refund unless they are satisfied you are the true victim of a scam or HSBC themselves have been negligent.

You could arrange to meet with a branch manager, explain the situation and request help that way (or at least try and get details around the payments) or put your concerns and complaint in writing as HSBC will then review the events.

billposters2

Thank you for your thoughts on this,
Exodi, It is the same name and I have been assured by him that he has had no inputs from me. Indeed my account was quite healthy until the withdrawals eventually rendered it in overdraft.
Comeandgo, No my administrator is totally trustworthy, and is as horrified as myself over this. I will google the name now.
Momanns, The bank never told me many details other than one is an HSBC customer and the other Lloyds, I would have hoped they would have at least queried it with the HSBC customer.
The details of the recipients are apparently secret under data protection, maybe the police will find out.
I loath on-line banking and usually go into branch or use my card at the point of supply, I should really be able to leave my account without having to check it I would have thought.
Probably a lost cause but my last hope is the Ombudsman.
Thank you for your thoughts guys, 
Tony 

Exodi

billposters2 said:

Exodi, It is the same name and I have been assured by him that he has had no inputs from me. Indeed my account was quite healthy until the withdrawals eventually rendered it in overdraft.

Well I find the fact that one of the transferees just happened to have the same name as your new buyer completely suspect. I'm suprised you appear to have fully dismissed this point because "I have been assured by him that he has had no inputs from me".

I think the only way this could have been the case, would be if the thief was to have set up themselves as a payee and used his name as as the new payee on the online bank to make the transfers look less suspicious. Nonetheless, you should have visibility of the recipients bank details - is there some way you can check whether they are the same as the new buyers (except asking him)?

billposters2 said:

Comeandgo, No my administrator is totally trustworthy, and is as horrified as myself over this.

If you're certain it's not your new buyer, and you're certain it's not your administrator - then if you had to bet, is your money on it being a complete stranger?

billposters2 said:

Momanns, The bank never told me many details other than one is an HSBC customer and the other Lloyds, I would have hoped they would have at least queried it with the HSBC customer.
The details of the recipients are apparently secret under data protection, maybe the police will find out.
I loath on-line banking and usually go into branch or use my card at the point of supply, I should really be able to leave my account without having to check it I would have thought.
Probably a lost cause but my last hope is the Ombudsman.
Thank you for your thoughts guys, 
Tony 

I think Momanns made his point because you previously said "I reported this to the staff member, who was initially rather unhelpful, and having checked the payments was of the opinion that either I or my admin person had made these payments." which suggests that they might have checked the IP data and found that it was the same to past transactions - hence their unwillingness to consider this a scam.

I think it provides relief to you to blame lonline bankingl, or the newsagents card machine, or new software, as a faceless criminal is easier to blame than someone you know. Online banking is totally secure, MFA is usually a total roadblock for thieves on the outside.

tightauldgit

I don't see how anyone can log in to an online bank account and send money to another account without having the log-in details so that kind of narrows down the possibilities - it would appear that someone somewhere has your log-in details. I'm sure HSBC must have more information than they are able to disclose to you including IP addresses of log-ins etc and they will have looked at that to establish what they think has happened - if it showed a random log-in from Nigeria then I'm sure they would have flagged that up to you. 

So that only really leaves a few options: 

1. You did it yourself - obviously you know you didn't but the bank can't just take your word for it
2. You have knowingly disclosed your bank log-in details to someone else who did it - so who would have access to that information?
3. You have unwittingly disclosed your bank log-in details to someone else who did it - do you remember any suspicious emails asking for any information or asking you to log in to your bank account for any reason? 

An outside chance you've left something logged in at the old business with some easily guessable personal information as security? 

I would say as a first step you have to think of anyone and everyone that you have disclosed your banking log-in details to as suspect. 

billposters2

Thank you tightauldgit, I hope that at some point very soon that the IP address can be checked, as i left the shop before the first transaction, so clearly I wouldnt be there at that time.
Thanks again for your thoughts folks.
Tony