Scammed Though Fake Invoice via Compromised Email - Need Advice Please

cathaygirl on 04/07/2021 - 00:48
Last edited 04/07/2021 - 09:42 by 1 other user

After being in a lost state of mind the past month since the scam, I hope to seek advice from the OzBargain community. I’m here asking for advice and please spare any grief as it’s been a difficult experience.

I have been emailing back and forth with our builder and when they sent me an invoice for the first progress payment, the scammers intercepted and sent me builders letterhead with the amended bank account details.

I even replied to this email to confirm the payment details etc, unknowingly by then I was communicating to the scammer instead. And he replied to the forwarded email and confirmed his account was correct. So I transferred $13k to the account.

It’s only when I spoke to the builder the next day was when we both realise that he did not get any of the emails I sent to him nor the money. It only hit me when he told me he is using Bank A not Bank B (that I remit payment)

I immediately forwarded the email thread and typed out his email address, letter by letter - [email protected] and the builder still did not receive the email thread. How is that possible? And The scammer had the audacity to reply that forwarded email later that day he received the money!

Long story short- because the account is interstate, and the account by then is closed, it took 2 weeks for WA cyber police to open the investigation ( I was in a long queue apparently) the scammer has left the building and the case is pretty much cold by now. The Banks are not helpful at all and made it very clear they won’t recover the money. I feel helpless and don’t know what else to do. I have already spoken to both banks Branch Manager, went to local police and called WA Cyber Police and Nothing from them. I went to QBCC for a solution and they offered nothing. I will be going to ombudsman if I can’t get any resolution.

The builder is not taking any responsibility and said his emails are secured so it would be my emails that has been intercepted, so it’s my responsibility. I have asked him to inquire with his builders insurance but he is not willing to. Everything is at a halt now which makes it very difficult to continue the built. I feel like I’m at his mercy as he is still halfway with the built.

I wish I could take this further and get a PI specialising in Cyber investigation but not sure where to start or if it’s even worth it. This experience have taken a huge toll on me and my family. I feel sick thinking this scammer have gotten away with it and is continuing to scam more people 😔 Any advice is greatly appreciated.

Regards

Cathayg

Internet

Comments

casho on 06/07/2021 - 08:43

My advice is if you get an email claiming bank details have changed. Call the builder on the phone with the number you know, not the phone number in the new scammers email. And if you confirm the builder identity and he/she confirms the bank details, send $10 as a first test, and ask them to confirm it arrived. If yes, send the remaining.
Drakesy on 06/07/2021 - 11:10

Builder's insurance may cover this.
I know conveyancers have this type of cover.

Sucks big time though.
knk on 06/07/2021 - 11:18

+7

@cathaygirl
If you'd like me to look over this and tell you who screwed up PM me and we'll go over it. No charge.
Craze on 06/07/2021 - 13:07

I wonder if this and the other threads have contributed to the alert issued
spoonmugen on 06/07/2021 - 14:05

+1

this is why on first payments to new bsb/acc ill only transfer small amounts… ie $50

confirm with the other party theyve recieved … and then transfer the remainder
superuser on 06/07/2021 - 15:36

-1

jeez, you should have called not only emailed them
Drj55 on 06/07/2021 - 16:27

+2

I just don't get why the police cabg work this out. Surely the back account had to be opened by somebody, and if that was a fake then check the next account the money was sent to. With appropriate power, surely it would only take a few hours of policing to get all this information from the bank. Maybe it wouldn't go anywhere but at least try. A theft of thousands of dollars is pretty serious, not to mention hacking, opening fake bank accounts etc.
- askbargain on 06/07/2021 - 17:09
  
  And when the money goes overseas?
spottydog0 on 06/07/2021 - 18:59

Interestingly I received the following alert email today from ACSC Alerts titled "Cybercriminals targeting construction companies to conduct email"

"The ACSC has observed a growing trend affecting construction companies and their customers. In the past six months there has been an increase in cybercriminals targeting builders and construction companies to conduct business email compromise (BEC) scams within Australia.

In a BEC scam, cybercriminals will send fraudulent emails posing as a legitimate business. These emails typically target the customers of the business and will ask them to change bank account details for future invoice payments. Victims assume this request is legitimate and will then send invoice payments to a bank account operated by the scammer.

These fraudulent emails may come from hacked email accounts, or cybercriminals might register domain names that are similar to legitimate companies (typically by swapping letters or adding additional characters). At a quick glance, an email address may look legitimate when it is actually being operated by a cybercriminal.

Successful BECs may go unnoticed for weeks or months until the construction company follows up on missing payments."
- Priester-Aus on 06/07/2021 - 23:01
  
  https://www.cyber.gov.au/acsc/view-all-content/alerts/cyberc…
Oz em on 06/07/2021 - 22:47

+1

I just saw an alert for this on Australian cyber security centre Facebook page.
Maybe they can help you if you haven’t already contacted them.
mett139 on 07/07/2021 - 00:51

+1

Have you since found anything to indicate the emails weren't from the builder or simply an alt account owned by the builder? Couldn't they just use a dummy email and bank account to contact you then play dumb?

Perhaps worth investigating the builder and flag them with the ombudsman… who knows if they have done this before, if it is them doing so.
Twodogs on 07/07/2021 - 14:42

Why dont you ask your bank to what account did they transfer the money to ?
Drewbo on 07/07/2021 - 15:22

+2

Another victim on Whirlpool: https://forums.whirlpool.net.au/thread/36yzympp
- cathaygirl on 10/07/2021 - 00:38
  
  It really upsets me that this scamming is so rampant and so unbelievably easy to steal hard earn money from innocent people! The stories i hear I about older folks/pensioners who does not know any better and their life savings stolen from these scums.
emperor on 07/07/2021 - 15:50

+2

It looks like builder's email is compromised. This could happen if he did not implement some security measures for his website and email. To confirm this, you can check builder's website domain via this tool.

In the results, please check SPF, DKIM and DMARC output. If they are not valid, then his domain emails are compromised.
- cathaygirl on 10/07/2021 - 00:44
  
  Thanks for that. I checked and the only valid result is the SPF whilst DKIM and DMARC are invalid. What does that mean? I will keep this copy for any further investigation.
  - emperor on 21/07/2021 - 16:59
    
    +1
    
    DMARC is the most important one but all these 3 are needed to prevent someone else (hacker) to hijack email and send spoofed email from the original domain address. Since your builder did not implement DKIM and DMARC, it's his fault for letting the hacker use his email address to send you spoof email. You can learn more about this here.
    - cathaygirl on 23/07/2021 - 23:02
      
      Thanks for the link it’s very informative. 👍
jowu15 on 07/07/2021 - 18:54

+2

its so dangerous
- cathaygirl on 10/07/2021 - 00:47
  
  it is very scary….. i feel for pensioners or who are more vulnerable to these attacks and scams and could lose their life savings.
grimo82 on 07/07/2021 - 19:41

+2

I'm doing Reno's and 3 of my suppliers all got hit by this, plus a mates big manufacturing firm/retail supplier, and a co worker who lost $100k in a development in the exact same circumstances - hacked email/phone accounts and modified invoices.

Form what I hear the only thing that protects against it cyber security insurance (who knew there was such a thing) - even if it's your supplier who been backed and not you.
- grimo82 on 07/07/2021 - 19:42
  
  +1
  
  Interestingly funds were funneled from east coast to west before disappearing offshore. They must be makjng a killing.
  - dins on 08/07/2021 - 19:51
    
    Prolly ends up in some crypto exchange I would reckon.
MITM on 19/07/2021 - 15:56

+1

So how did you go - where you at with the builder ?
- cathaygirl on 23/07/2021 - 22:58
  
  +1
  
  At this stage, the builder is not claiming any responsibility and I was hoping for the police to intervene and would make contact with him.
  However after 5 weeks, I follow up with Cyber crime, I found out that my case was overlooked and never received by the respective dept in WA for investigation. I eventually received an email with the assigned police officer in charge. And that’s where I am currently am. It’s a lost cause.
Jimmy3 on 09/10/2021 - 14:18

Hello All,

Late to the discussion. My parents have been impacted by a BEC scam also. The tradie actually used Xero software, the email was intercepted, the invoice altered and the bank account details were changed. What is the situation in this instance? Is this still attributable to the tradie's computer (website, Facebook, socials etc.) being impacted or my parent's. As others have noted, it's a highly stressful period and the bank (who I personally think should be accountable given fraudulent bank accounts can be set up incl. not requiring in person / branch verification (all in the name of efficiencies and profits with CBA recently announcing a $6B profit)) / police haven't assisted 1 bit. Thanks in advance for thoughts / advice.

Scammed Though Fake Invoice via Compromised Email - Need Advice Please

Comments

New Forum Topics