Two business owners did not realise anything was amiss until one of their UK suppliers picked up the phone and asked why a payment they believed they had transferred to his account five weeks earlier had yet to be sent.
Confused and uncertain, the couple looked back on their transactions and discovered they had been the targets of an elaborate e-mail scam that had hacked into their Outlook accounts and manipulated the e-mails they were both sending and receiving.
“We had overseas transactions that needed to be processed and the supplier we were doing business with duly sent an invoice and requested payment,” said Nick, whose real name is not being used to protect the couple’s identity.
“Within a couple of hours, we received a second e-mail from an identical e-mail address telling us, ‘listen we’ve since updated our banking details and mistakenly sent you the old one. Can you send the payment through to these accounts provided’. They had all the documentation and the accounts were genuine, nothing about it looked out of the ordinary.”
The couple discovered that their business accounts had been the target of a phishing attack which allowed hackers to monitor their correspondence and interfere to manipulate their e-mails to their advantage.
The emotional toll it leaves on you is like nothing else
“Essentially, they would wait until they saw e-mails related to payments, then made small, almost imperceptible changes to them that would not arouse suspicion. So, they posed as our suppliers with updated bank details and in turn sent e-mails to our suppliers, making up stories about having issues with payment,” Nick continued.
“By the time someone picked up the phone and we realised what was going on, we were out in excess of €90,000.”
The experience has left the couple emotionally drained and violated after such an intense invasion of privacy that has impacted their livelihoods.
“Financially we’ve been very badly hit and we’re taking all the steps we can to try and recover the money,” Nick said. “But the emotional toll it leaves on you is like nothing else. We feel violated to the very core.”
The couple hope that their misfortune can serve as a cautionary tale for others who may think twice about taking that innocuous e-mail at face value.
“We really want to emphasise that when it comes to payments you have to be excessively vigilant, don’t take everything at face value and pick up the phone to confirm that what you’re seeing is genuine,” Lindsay said.
“We also feel that there should be more due diligence from banks where large payments are concerned,” Nick added.
“The two banks involved in our case, NatWest and Barclays, are not some small local bank. More questions should have been asked when these vast sums of money were transferred and accounts shut down quickly afterwards.
“Hackers are using these banks’ services to quickly move out stolen money. Effective communication between these banks would have put a stop to it much quicker.
“Why are hackers allowed to open up accounts online with little to no documentation and no inquiries are made when large amounts of money pass through and accounts are closed?”
While the police’s cybercrime unit has been very helpful in assisting them, Nick and his partner also think there should be more awareness on what to do if you are the target of an attack.
“Lost and headless,” was how Lindsay described the feeling after what happened.
“Without the proper guidance you could be wasting precious time in a very time-sensitive matter. A centralised platform telling you who to call and how to get help will go a long way for victims of these crimes.”