Scammed Though Fake Invoice via Compromised Email - Need Advice Please

cathaygirl on 04/07/2021 - 00:48
Last edited 04/07/2021 - 09:42 by 1 other user

After being in a lost state of mind the past month since the scam, I hope to seek advice from the OzBargain community. I’m here asking for advice and please spare any grief as it’s been a difficult experience.

I have been emailing back and forth with our builder and when they sent me an invoice for the first progress payment, the scammers intercepted and sent me builders letterhead with the amended bank account details.

I even replied to this email to confirm the payment details etc, unknowingly by then I was communicating to the scammer instead. And he replied to the forwarded email and confirmed his account was correct. So I transferred $13k to the account.

It’s only when I spoke to the builder the next day was when we both realise that he did not get any of the emails I sent to him nor the money. It only hit me when he told me he is using Bank A not Bank B (that I remit payment)

I immediately forwarded the email thread and typed out his email address, letter by letter - [email protected] and the builder still did not receive the email thread. How is that possible? And The scammer had the audacity to reply that forwarded email later that day he received the money!

Long story short- because the account is interstate, and the account by then is closed, it took 2 weeks for WA cyber police to open the investigation ( I was in a long queue apparently) the scammer has left the building and the case is pretty much cold by now. The Banks are not helpful at all and made it very clear they won’t recover the money. I feel helpless and don’t know what else to do. I have already spoken to both banks Branch Manager, went to local police and called WA Cyber Police and Nothing from them. I went to QBCC for a solution and they offered nothing. I will be going to ombudsman if I can’t get any resolution.

The builder is not taking any responsibility and said his emails are secured so it would be my emails that has been intercepted, so it’s my responsibility. I have asked him to inquire with his builders insurance but he is not willing to. Everything is at a halt now which makes it very difficult to continue the built. I feel like I’m at his mercy as he is still halfway with the built.

I wish I could take this further and get a PI specialising in Cyber investigation but not sure where to start or if it’s even worth it. This experience have taken a huge toll on me and my family. I feel sick thinking this scammer have gotten away with it and is continuing to scam more people 😔 Any advice is greatly appreciated.

Regards

Cathayg

Internet

Comments

  • SF3 on 04/07/2021 - 00:56
    +41

    That sucks big time!

    Not much advice from me, but I feel for you.

    Good luck and hope you are able to recover your money🤞

    • cathaygirl on 04/07/2021 - 02:12
      +1

      Thanks buddy. I really appreciate it

      • Lord Fart Bucket on 04/07/2021 - 14:43
        +8

        This is getting more common. My bank rings me whenever i make a large payment to confirm:
        - Where did i get the account information from
        - Who in the company did i confirm the account information with

        • jar-unit on 07/07/2021 - 17:37
          +1

          Which bank is this? Sounds a bit big brother lol

  • Hybroid on 04/07/2021 - 01:00
    +21

    My advice would probably be unwelcome but some tough love: It's gone. Long gone. Start to move forward and get it out of your system and your head for your own mental health, especially if it's been affecting you for the past month.

    Hundreds of millions of dollars of scams go by unresolved globally. That $13k has disappeared and not many organisations are going to bother devoting resources to tracking it.

    Also agree it's nothing to do with the builder unless you have evidence otherwise. It sucks and feel for you, but time to move on.

    • spackbace on 04/07/2021 - 01:08
      +17

      Also agree it's nothing to do with the builder

      Well, the scam thread I posted below ended up getting covered by the conveyancer's insurance company, since the phishing attack came from the conveyancer's email being compromised…

      • cathaygirl on 04/07/2021 - 02:19

        I don’t have support from the builder( unlike the conveyancer) and he won’t even inquire if he is covered with cyberhack insurance

        • Franc-T on 05/07/2021 - 03:40
          +23

          Of course a builder would deny that it was them.

          First thing, get an expert to validate where the email came from and if your machine is compromised.

          If not, its the builder who was hacked and thats then possibly on them.

          If the first one, you are out of luck - if the second, you are in for a lot of pain but you may get it back.

          • knk on 05/07/2021 - 16:52
            +13

            @Franc-T: It'd be easy to work out who was compromised.

            OP just needs to check email headers and see if he was communicating with [email protected] or [email protected].

            If you're genuinely sending mail to their domain and getting responses then it's on their end and they should be liable imo (not a lawyer, in IT though).

            If you're communicating with someone else then you'd need to work out how that came about and it gets more tricky. Ie was their email compromised and then the scammer emailed you directly and masqueraded as them? Or was your email compromised and that's where the initial contact was made?

            • chriise on 05/07/2021 - 21:05
              +2

              @knk: I don't think that's how this works. If I had compromised a builder's email, I would monitor for outgoing emails with payment details. I would then email the customer from my own (very similar) domain, like '[email protected]' (see the difference to yours?), explaining that there was a mistake with the payment details and set up a new conversation. The builder will have no idea the customer is now communicating with the scammer, although the builder was still the party that let their guard down. If this has happened more than once to the builder, it's certainly them.

              It seems far more likely a scammer would target a building company than random people hoping to find an opportunity. Think about it, if I compromised OPs email, and lucked out on this opportunity, then I'd have to go out and purchase a very similar domain etc. to set this scam up.

              I'm not sure how, but I'd advise OP to push harder on the builder to determine fault.

              • nwa on 05/07/2021 - 22:18
                +1

                @chriise: This scenario you explain would be the customers fault for not observing or believing he is replying to fake email address, they are the negligent party.

                If the builders actual email was hacked and wrong payment details are sent from their email then they would be at fault.

                • chriise on 05/07/2021 - 22:38

                  @nwa: Good point

                  • eggboi on 05/07/2021 - 23:17

                    @chriise: This is all very interesting and important to pick apart. I'm not sure there have even been any robust test cases yet, but I think even if the builder's email service has been compromised; even if they had total garbage passwords and security and that's why they were compromised, the onus is STILL on the party sending the money to cop the loss.

                    Like if some criminal sneaks into a policeman's house, steals their uniform, badge, gun etc (say the policeman left their front door wide open) then the crim goes and impersonates said police officer and convinces someone they are a cop, they allow themselves to be cuffed etc. The victim cannot sue the cop whose uniform was stolen and ID was impersonated.

                    Maybe not the best analogy, but that's the closest I can think of. Totally unfair and it should absolutely be the banks footing the bill if it turns out they accepted fake proof of ID for the scammer to open the account. If it were me who lost the money, I'd be fighting tooth and nail to make the bank either reverse the funds and arrest the account holder, or, if the account holder gave fake ID and fled; make the bank reimburse me for the loss.

              • CalmLemons on 06/07/2021 - 01:17
                +3

                @chriise: This is correct and most likely the builder is using pop3/imap on a outdated server and running outdated outlook on windows and probably has his pc compromised.

                Someone probably just has his pop3 details and has setup to collect via pop3 so that's why the builder isn't getting any of the e-mails.

                However I suspect it's more so OP as what op is seeing is an alias and the true send e-mail is probably something close.

                This can easily be investigated by a low tier IT person.

              • knk on 06/07/2021 - 11:17
                +1

                @chriise: I'm correct here, understanding this stuff is literally my job. You are suggesting you tricking the end user into thinking you're the builder, this is not the builders fault it would be yours / OPs. Are they tricking based on access to your email, or access to the builders? That's the kicker.

                There are multiple things to consider here and then working out who the onus is on is more complex.

                For example, lets say the builders just useless but weren't compromised.

                Lets say you're emailing back and forth and then YOUR email gets compromised right so they can see all the back and forth emails.

                However, on the flip side lets say that the builder is also poor on the security side and does not have SPF/DKIM/DMARC setup on their domain. So the scammer is like oh shit, I can just put a rule to delete any of the legit emails and pretend to be bobsbuilding.com.au and it looks 100% OK. Maybe as a savvy end user you'd have noticed shit, this isn't coming from [email protected] but because bob hasn't handled security properly you didn't have this opportunity.

                Bob did nothing to prevent this, bob is emailing requests for payment out of an insecure system. Yes, your email was compromised but Bob is also negligent here.

                Where do we draw the line? That's where lawyers and people paid better than myself come in.

                • chriise on 06/07/2021 - 13:03

                  @knk: I agree with you 100%. I think I interpreted your first response as being; if the domain is different, then the builder wasn't compromised. I was just saying that whether the scammer had direct access to email from the builder's own account, or set up a dummy domain, in both cases it almost certain the builder that was compromised to give them access/understanding of the deal. I would expect it is far more likely for scammers to target the business to reach their clients, rather than the consumers directly - but I concede I have no experience in this space.

                  • knk on 06/07/2021 - 13:46
                    -1

                    @chriise: Not necessarily. Either could be compromised and they'd have the entire email chain and would be able to go from there.

                    Who's at fault here is going to be a bigger question though

                    • eggboi on 06/07/2021 - 14:03
                      +1

                      @knk: Well obviously it’s far more likely to be the business that’s compromised. There are probably hundreds of businesses currently being monitored by scammers, just waiting for the first invoice over 10k to come through, then they jump on it, get the money, move on to the next business theyve already sniffed out as having shit security

                      • knk on 06/07/2021 - 14:07
                        -1

                        @eggboi: Where are you pulling that assumption from outside of your ass lol?

                        Most individuals are useless when it comes to email security, this could have come from either side.

                        These phishing attacks target individuals and businesses.

                        • eggboi on 07/07/2021 - 15:52

                          @knk: I’m referring to BEC rather than phishing

                          • knk on 08/07/2021 - 11:36

                            @eggboi: that is an assumption

    • cathaygirl on 04/07/2021 - 02:07
      +8

      @hybroid I am definitely in a much better headspace today than I did a couple of weeks ago. However, I don’t want to have any regret not trying all avenues. But thanks for that.

      • zenarena on 05/07/2021 - 00:19
        +27

        i hate comments that are like "time to move on", like thanks but at the same time, you move at the pace you need to. Don't feel bad for thinking you're taking longer than how fast other people are telling you to 'get over it'. And sometimes, alot of this 'tough love' bullshit is just a blanket statement to cover the inability to empathise with the pain or grief of someone else. So if it does make you feel bad, f them. If it doesnt, then great. From reading your post, the context of whats happened and the actions you've been taking, the trying-to-be-helpful comment doesn't seem to match the gravity that this situation means to you. You take the pace you need. I've had what others regard to be small things happen to me that really affect me. Things mean different things to different people, and they dont have to make logical sense for time and space to be given to do what you deem needs to be done. Nobody can tell you when its time to move on or not.

        • cathaygirl on 10/07/2021 - 01:43

          I do appreciate your comment. This has been a rollercoaster experience for me, with more lows and uncertainties. But I know it is heading towards that direction i need to get to in the end. And everyone has been very supportive around me, which does help, including the Community here.
          I wish I could say the same with the banks and cyberpolice.
          I so feel sick, especially knowing vulnerable people are getting scammed everyday because Cyberpolice are not swift enough to act and stop the banks before releasing sums of money or closing accounts.
          As for the banks, someone from their scam dept informed me they can't do anything with the account holder because the police have not initiated investigation with the bank to take action yet. And that was 10 days after i lodged the police report. You can see why cyber scams are getting out of hand because no banks want to be accountable and the police are not taking action in a timely manner.
          I'm hoping this is not the end yet for justice.

          • HeadTheWall on 12/10/2021 - 10:10

            @cathaygirl: The issue with cybercrime is that it is so hard to police with laws, different jurisdictions etc so you will need to accept that this is going to get treated differently to getting broken into, car stolen etc. The Cyber division will more than likely be focusing on the much larger scams than you until they get better resourced, this doesn't mean that 13k is not a lot to you but there are worse cases out there.

            No one here can say whose account was compromised with the details you provided, it could be either e-mail account who the scammer gained access to. For you to make any traction on this you will need to get someone in IT to go over all the e-mails between you and the builder to determine at what stage the scammer got involved and to confirm if the mails did come from the builders e-mail or from a different domain that was setup just to continue this scam.

            E-mail headers will tell where the mails have been received and delivered from, if you can prove that the initial breach came form their e-mail then you can try chasing them, but if it came from your account then you will have to wear it.

            Yes, it sucks that you have to try and prove your innocence first (doing their job) but that is where we are at with cyber crime at the moment

            PS - You could try to find an IT company that specialises in security and approach them with a one off payment to analyse the mails between you and the builder/scammer during this period and to give you a report to give to the police/builder. It shouldn't be more than 1-2 hours work

    • buckerooni on 04/07/2021 - 21:48
      +34

      why do you agree it's nothing to do with the builder? it seems highly likely it was the builders account that was compromised.

      • F1ProjectOne on 04/07/2021 - 22:17
        +14

        Agree with this 100%, most likely a breach in the builder's email than yours.

        • bargainator9 on 05/07/2021 - 19:55
          +7

          Without knowing the full details, I’d say this is likely too, have seen it many times(work in IT). The scammer will gain access to an email account (eg the builders email, who neglected to enable 2FA on the account), and then read through some recent email to identify some possible targets, send out some bogus invoices, and create email filters/rules to hide the return email (eg if you reply) so that the builder does not see anything odd in their inbox to alert them or make them want to change their password. This way the scam can go on a little longer than one victim, they may be able to get a few victims before the penny drops and the builder finally changes their email password. As some others have said, getting someone tech savvy to review the email headers sent by scammer you will be able to tell if the emails actually came from the builders email account, in which case you may have some legal recourse(not a lawyer!).

      • LlamaOfDoom on 05/07/2021 - 00:05
        +7

        If you use Gmail (and possibly others), you can see EVERY EMAIL ever (even if its been deleted or whatever).
        Google it to find out how.
        What the builder is saying is your email got hacked, then the scammer received the mail and resent it to your own email (after deleting/fowarding the original). Seems super unlikely.

        Remember, you are also in a good bargaining position as the builder is not paid yet for work already done if I understand correctly? It may be in his interests to persue insurance and if it was his compromised its definitely in his interest to ensure it doesn't happen again!!

    • leiiv on 05/07/2021 - 09:38

      But when other people ask if they can spend the money mistakenly received in their account, the answer is always NO because the banks and cops can and will go after the money. The irony..

  • spackbace on 04/07/2021 - 01:05
    +29

    HELP PLEASE! Scammed out of nearly $100k

    Have a read through that. Plenty of advice plus a resolution. See if any of it can help you

    • cathaygirl on 04/07/2021 - 01:49
      +3

      I’m reading through it now. Thanks for the heads up.

    • jay889344 on 10/07/2021 - 10:45
      +1

      Just by way of update, that horror story was my experience and I am trying to help as best I can with advice. My first piece of advice - find out about their insurance cover. I know you've said the builder isn't being helpful, but don't relent. Press them and if they don't respond, keep going until they do.

      The police and banks sadly won't be much help. Keep going on the builder's insurance situation. If they have professioanl indemnity insurance, there may be some hope here!

  • salrock on 04/07/2021 - 01:05
    +5

    Feel for you mate. Not much advice here.

    Unfortunately BANKS are nightmare in these scams .

    I wonder if any banks provide insurance to customers in fraud cases?

    • cathaygirl on 04/07/2021 - 02:15
      +2

      The banks are hopeless… it frustrates me that Bank A and Bank B, I bank with both of them ( home loan and credit cards) They are not giving me any transparency to my case and says it’s in police investigation.

      • Settero on 04/07/2021 - 12:58
        +2

        A bank can only provide you limited information , as said by multiple people below this is likely a compromise of your builder. Speak with a lawyer , your payment may be considered valid even if they did not get it since you imply you received the invoice from their actually email not a lookalike.

        • Chiraag on 05/07/2021 - 11:03
          +3

          if you are sure that the email you got is from EXCALTY the same email address that the builder really uses, then you should talk to your lawyer.
          Because it is the builder who has been scammed not you!.

          I have had this situation before but the impersonater had and EXTRA letter at the end of the email.

          eg. [email protected] but he emailed from [email protected]

          the S is the key here.

  • SF3 on 04/07/2021 - 01:07
    +8

    You posted about being scammed back in 2018 on an iPad from Myer, but resolved. Seems like déjà vu for you :(.

    • cathaygirl on 04/07/2021 - 02:11
      +1

      Yes it was a learning experience for all of us. We are extra vigilant with everything from online purchase to social media etc. However, this costly experience has made me very paranoid with almost everything. And it’s sucks 😣

      • dins on 04/07/2021 - 05:19

        Very sorry to hear really feel for you. I presume you have already sought legal advice to see if you can take things any further. If there's nothing worthwhile there then I guess the best way forward would be to just try and erase the whole thing from memory. Who knows maybe this learning experience might have saved you from a lot worse.

    • htc on 04/07/2021 - 17:38
      +2

      Thanks for the link, I just read the post. These posts are really educational.

  • screensaver on 04/07/2021 - 05:11
    +10

    They couldnt have opened the account without ID so you need to pursue this with the banking ombudsman. When I am transferring into a new account I send a small amount first to make sure that the details are correct. Property increasing by 10000 a week in some places so the loss is not as bad as it could have been

    • parsimonious one on 04/07/2021 - 16:30
      +2

      How would transferring a small amount first helped in this case?

      OP said they received an invoice from the scammer, emailed to confirm the account details and received another email from the scammer confirming the details.

      Presumably If OP sent a small amount first and emailed to check the scammer would have just confirmed the transaction and asked for the rest.

      • s1Lence on 04/07/2021 - 16:49
        +3

        transfer small amount, call them (don't email) to see if they received it then transfer the rest to the same account

        • parsimonious one on 04/07/2021 - 18:46
          +8

          The important part is the call not the small transfer

          In OPs case, calling the builder regarding the email invoice would have flagged something was up.

          The call is the critical part

          • Scythic on 04/07/2021 - 21:37
            +2

            @parsimonious one: Some people also transferred a random small amount and asked the recipient to tell them what was the amount they received on the phone. (For example, $10.88)

            • jayzee on 05/07/2021 - 11:02

              @Scythic: You still need to CALL the intent recipient, otherwise, scammers can easily tell you the amount you transferred to them.

          • derrida derider on 06/07/2021 - 10:05
            +1

            @parsimonious one: My conveyancer said he always phones or SMS' immediately before sending any email for funds transfers for exactly this reason (think of it as a form of 2FA).

            For any substantial amount that seems good practice - whatever the outcome of this case, you should advise the builder of this.

            • skittlebrau on 06/07/2021 - 12:38

              @derrida derider: It's worth noting to look up the companies phone number from a reputable independent source. Don't just call a phone number from an email signature or the companies website as both could be compromised.

  • Soluble on 04/07/2021 - 06:34
    +23

    Same thing happened to my mate. It was the builders account that was compromised. I'd look further into that side of it.

  • indium on 04/07/2021 - 07:04
    +23

    This page seems to suggest the builder is probably liable and should lodge a claim with their insurer.

    • gromit on 04/07/2021 - 15:21
      +1

      That page is an example where the Business had been compromised, hence they were responsible. It seems the builder is claiming they were not compromised in this case and hence would not be liable. Really they need to engage someone with some technical knowledge to verify their end of the communication. While it is likely the builder it could also potentially be a compromised machine or email account with routing rules or various other options that would land the problem in the OP's lap. (still betting it is the builders issue from the description though).

  • Platinumtelecom on 04/07/2021 - 07:08
    +51

    Definitely the builder’s email compromised, not yours. How else would he intercept the invoice before it gets to you??

    I think the simplest way to deal with this is to get a lawyer. The lawyer will give you the correct course of action and relief some of your stress.

    • morse on 04/07/2021 - 08:11
      +27

      Yep if the scammer was emailing you from the builders account, it’s likely it was the builders email that was compromised. There’s also some possibility the builder is in on the scam - unlikely but possible. Have they actually started work on your place? They might have no intention to build or are trying to get paid twice.

      Also if the money went into an Australian account and that transaction was unlawful, the bank has some responsibility to hand over the details the account is registered under to the police. They are meant to check ID etc for whoever opened the account. I’m sure they’d be able to find the person if it was their financial interest at stake. I would escalate this as a complaint with the bank and like you said go to ombudsman or similar if they don’t comply.

      • derrida derider on 06/07/2021 - 10:14

        Problem is the scammer's account was not with OP's bank. And the banks are much keener on chasing scams done on their own customers (keener again, of course, if they're the ones scammed).

    • Spam Service on 05/07/2021 - 08:44
      -3

      Definitely the builder’s email compromised, not yours. How else would he intercept the invoice before it gets to you??

      Not a security expert, but I am a web developer with plenty of experience using email protocols. And it could be either the sender or the receiver - but to be honest, most likely the receiver.

      If I was a scammer and had access to OPs email details, I could set up a watcher via IMAP, and as soon as an email is received from the builder, copy it and delete it. I could automate this bit, so the email will only appear for half a second - you'd be very lucky to notice, and if you did, it could be put down to a glitch. I'd check the copy - if there is no invoice, then using my own email address with a fake sender name, send the email through.

      As soon as the invoice appears, same again, but I can modify the invoice to point to the bank account I want, then send it with my own email address again. And because they are all send with my account, the one with the invoice will appear alongside the other correspondence emails, so it looks no more 'phishy' than the other emails.

      To do this via the builder's account would be more difficult. I would need a lot more than the builder's email details. As soon as the builder has sent an email, I can't touch it - it's gone to the receiver. Instead of using standard email interfaces (like IMAP and SMTP), I'd need to intercept the email before it gets to the email server, via a man-in-the-middle attack. This would be much, much harder, and I don't think I could personally do this without a lot of research.

      • kasp on 05/07/2021 - 09:01
        +6

        You are thinking of this like they are intercepting the exact email which isn't generally how they do it because as you say it requires timing and is much easier to get caught out.

        They compromise the account look through the emails to work out what invoices etc they can send out then edit it and then send from the compromised account. They usually setup a forwarding rule based on that address to send it elsewhere so there's no chance the recipient would see it and doesn't cut the flow of emails so people don't get suspicious.

        This is usually done from the vendor's side as they are asking for payment. It is much harder to do this from the receiver side without leaving a lot more clues since you are faking an entire exchange.

        That is how this scam is done, compromised email credentials. I think the OP should just put the guys email address into have I been pwned and I reckon it would probably show up as a dark web list. That or the builder downloaded some viruses which is compeltely possible.

        Moral of the story everyone use two factor security.

        • Spam Service on 05/07/2021 - 10:02
          -2

          The reason I say it could likely be OP's account is that OP says that the builder did send an invoice - and the invoice OP received was different. If it was just a random invoice received, that would indicate that the builder's account was compromised. But if the builder did send an email, the scammer can't prevent OP from receiving it once it is sent. It's possible that the message was sent to man-in-the-middle email address, but that could be done from either OP or the builders email.

          The method I outlined above doesn't require much in the way of timing, a 5-line script can copy and delete the email from the inbox in less than a second, and the message reviewed and sent later. Nor does it require an exact target - another few lines of code and it could email me and only quarantine the potential invoice if the email contains key words like 'invoice', 'bill', 'pay' etc.

          I agree that the builder's email address would be a more valuable target and much easier to scam, but scammers will use what they can get. And if they can get access to a personal email address (which is much, much easier), they will use that. Then set up a watch for emails with an invoice, and wait. Do this with a list of 1000 compromised mailboxes bought online and you'll eventually hit an invoice. Since you can automate it with a script, it doesn't take much time or user input.

          The bottom line is that we cannot rule out either mailbox just yet. OP should lock down their mailbox, change passwords, check for forwarding addresses, check they haven't set up any app passwords, and check all active logins. Or just change email to be certain.

          • Settero on 05/07/2021 - 11:11
            +1

            @Spam Service: You forgot to consider the builders email being set for delayed sending, gives scammer plenty of time to modify a legitimate invoice

      • raptormesh on 05/07/2021 - 09:46
        +3

        You're thinking technical however most scams are much easier done on the social engineering side.

        • YellowDieselGolf on 05/07/2021 - 19:15

          It could just as easily be a compromised password in OPs email account.

          They log in.
          Find a building contract which states the progress payments.
          They doctor an invoice and send it at the right time.

          Not enough evidence in this thread know which side was hacked.

  • [Deactivated] on 04/07/2021 - 07:57
    +29

    Builders email is compromised.

    The attacker is reading their email, and deleting it. Thus the builder isn't seeing it.

    It is a really common attack.

    It is pretty hard to intercept outbound email (that you send), especially with free email services like gmail (easy with paid business email using O365). On the other hand it is much easier to do so with inbound.

    • elib on 05/07/2021 - 14:45
      +5

      +1

      I see this sometimes with clients of mine when their Outlook/Office365 accounts are compromised. The hacker gets in, puts rules in place that sends all new incoming email to trash (or similar) so the owner of the email account never sees new emails coming in, then the scammer can go to work emailing customers of said compromised business with modified invoices, etc.

      • Feeblely on 05/07/2021 - 16:07
        +1

        How can an average person avoid this? 2FA and checking rules?

        • SBOB on 05/07/2021 - 16:11
          +4

          2fa solves almost every problem with password security breaches.
          Takes away the single secret you shared with one (or multiple sites) that once known makes account access possible.

        • elib on 05/07/2021 - 22:30

          Yep two factor authentication eliminates the problem pretty much entirely.

  • thatonethere on 04/07/2021 - 10:29
    +16

    There are two scenarios here:

    1. hackers have compromised the builders email and quietly intercepting email and waiting for whale invoice opportunites to arise. When they saw the progress payment was due they put in the fake invoice for you to pay.
    2. hackers have compromised YOUR email and quietly intercepting email and waiting for whale invoice opportunities to arise. When they saw the progress payment was due they put in the fake invoice for you to pay.

    Often they put in email forwarding rules to hide email from the end user so that real email is hidden.

    Sadly one way to protect yourself is to go back to old school and create real bank cheques and hand them over in person and get receipts.

    There is a third scenario which you can see where scammers do not compromise either account and just have a shot at sending an email invoice which looks similar enough and see if it flys. They figure out business is occuring between two entities and try and insert themselves. Here is an example: https://www.abc.net.au/news/2021-06-16/tailem-bend-netball-c…

  • Mechz on 04/07/2021 - 10:35
    -2

    Apart from the good advice above I would be raising hell at your bank for not helping and threatening to leave/close all accounts etc. Might get you some traction with them.

    • Ocker on 04/07/2021 - 10:52
      +4

      But the bank acted in accordance with instructions they received from their customer. All sorts of legal complications arise if you expect a bank to become further involved.

    • derrida derider on 06/07/2021 - 10:22

      But the only bank that can possibly help is the scammers', not the scammee's (and even then its probably much too late). The money did not get transferred into OP's bank - so no point in threatening to close accounts etc.

  • barge-in hunter on 04/07/2021 - 10:59
    +7

    I'm really sorry to hear about your situation - by the sounds of it you were pretty careful.

    Comments above are correct, the builders email has most likely been compromised. Given both their lack of willingness to help you ( a bad sign for any future issues) and the bad blood now in the transaction, is it unlikely you'll continue to deal with them for the build?

    The reason I ask - the only way you'll get your money back is suing the builders, forcing them to claim through their insurance. This won't go well if you're expecting them to continue building as well

  • DJR9000 on 04/07/2021 - 10:59
    +16

    Builder's email probably compromised from any one of the hacks that have happened to major services over the years. Too many people use the same password for everything, or easy to guess passwords.

    Put their email address into https://haveibeenpwned.com/ … should give you some idea of whats happened. Tell them to update their password as who knows how many other customers of theirs will fall prey to the scammers.

  • petry on 04/07/2021 - 11:01
    -1

    yeah just contact your police.

    • dust on 05/07/2021 - 10:48

      Don't think they'll care/do much.

      • petry on 05/07/2021 - 15:01
        +1

        neither will the bank unless the police are involved.

        • cathaygirl on 10/07/2021 - 02:08

          That's how the scammers got away it. The bank's scam dept I followed up with, felt bad for me, and advise me I need to escalate it with the police as the bank can't do anything until there is a police initiating an investigation on the account holder. Its ridiculous- 10 days after and the scammers would have done another hit and run.

          • petry on 10/07/2021 - 14:43

            @cathaygirl: yep unless you involve the police and make it formal the bank will screw you over.

            why people round here deride that fact makes you wonder…

  • payless69 on 04/07/2021 - 11:11

    As much emphathy as I can give you, nowadays everybody seems to scam everyone.
    As a general rule of thumb never ever use Whatsup or Facebook for anything to do over a set limit like $500 or 1k. You set the limit but do not try to save money by using a free channel to safe on postage stamps.

    Scammers like to be your friend and soon have access to your personal information.

    Ask your bank in writing to put a trace on the account you paid in. It will take time but nobody can have an Australian bank account without ID.
    Financial stuff like this is not in the hand of state police. A trace will take time.

    Builders quotes should have exact details like ABN and advice on how much to pay and when. A builder on social media might be a one night fly.

    Hope you manage to continue building, I get up to a dozen scammers a day either by mail or phone.

    • derrida derider on 06/07/2021 - 10:30

      "Ask your bank in writing to put a trace on the account you paid in."

      But the account paid in is not with OP's bank.

      And almost certainly that account belongs to a pensioner who has fallen for one of those "Make Free Money at Home With Your Computer" ads or other social engineering (ie another scam victim). The money has long been transferred into bitcoin and held overseas.

  • [Deactivated] on 04/07/2021 - 11:17
    +2

    Good luck - I hope you recover the funds and from the stress of it all as if building/renovating your home isn't stressful enough and then you have to contend with scummy scammers 😤

  • Almost Banned on 04/07/2021 - 11:24
    +2

    https://hhg.com.au/articles/piggy-in-the-middle-dont-get-cau…
    Unfortunately this is an increasingly common scam.
    Good luck.

    • petry on 04/07/2021 - 11:26

      yeah police and bank obviously - the bank will evade - so police report helps.

  • burningrage on 04/07/2021 - 11:34
    +1

    If I am not mistaken, banks should not have allowed to have accounts opened and closed so soon. Additionally, new accounts are normally subject to 100 points check and in some case, if I recall, the account opener must present themselves to a bank to verify themselves. This is to mitigate forged documents being used to open new accounts.

    Failing this, I would argue the banks would be equally culpable for letting themselves an instrument to facilitate fraudulent transaction.

    And that would be something that you should be able to claim against.

    • JBark on 05/07/2021 - 12:54

      Ever seen those dodgy looking "Make money working from home, ask me how!" signs along with the road with a random mobile listed? They're often related to the banking side of these scams. They'll trick/scam someone local here to open a bank account in their own name, then have them do some random deposits/withdrawals to make it look like a real account. Once the account is established, they'll use to either launder money or receive scam deposits like these, then transfer the money overseas and close the account.

      Cops show up at the door of the person listed on the account, and it will be some 90 year old who was looking to make a few extra bucks doing paperwork, and doesn't have a clue what the account was being used for.

      • SydStrand on 05/07/2021 - 21:00

        Actually, most of those 'work from home' posters are roping people into scammy (but legal) MLMs.

      • cathaygirl on 10/07/2021 - 02:19

        I've been informed by the Bank's Scam Dept, that chances are the recipient of the account could be a victim too ( possible similar scenario to above comment) and that's why, its a dead end. The money would have been transferred to different bank accounts before it goes off shore. Hence why its nearly impossible to recover the money.

        • jay889344 on 10/07/2021 - 10:48

          This is what I was told too, that the account holder who they accoutn was opened in hte name of was likely an identity theft victim, so finding out who they are probably wouldn't solve hte problem. That said, they're all links to the actual criminal here so need to be investigated. Keep pushing!

  • utsc on 04/07/2021 - 11:59
    +4

    I would file a complaint with the banking ombudsman. Even if they closed the account, they should be able to provide details about the account holder as there there is a strict verification process to open an account in Australia.

    • FutureTech on 04/07/2021 - 12:13

      probably the account holder's ID was used fraudulently to open the account without them knowing

      • utsc on 04/07/2021 - 12:14
        +6

        Then the bank should be liable

        • burningrage on 04/07/2021 - 20:06

          Precisely my point. Once upon a time, you used to be required to attend to a branch to confirm identity even though you have done 100 points check.

          I am not sure about now.

          • yadq on 05/07/2021 - 07:30

            @burningrage: Can confirm it’s still a thing, at least Westpac required me to do so a couple of months ago.

    • Settero on 04/07/2021 - 12:55

      The ombudsman can not give out a private individuals account information, that's a police/legal matter, if you are going to the ombudsman it's for wrongdoing by the bank

      @utsc

      Simply put not the banks fault unless they knowingly accepted a fake application, impossible to prove and not in the banks interest to do so.

    • cathaygirl on 10/07/2021 - 02:21

      Im trying to collate as many evidence and arming myself along the way when Im ready to put my complaint in to Ombudsman,

  • Jimmycfc on 04/07/2021 - 14:24
    -2

    My work gets these daily, always check the email it came from (Even that can be spoofed)
    Always email back in a new email to an address you can see on their website or even give them a call to double check all is good…

    • djkelly69 on 04/07/2021 - 16:03
      +7

      Emailing back is definitely not a recommended option.

      You need to call them on a publicly available or known number and confirm the account details.

Login or Join to leave a comment
Login Join