closing tag is in template navbar
timefactors watches



TZ-UK Fundraiser
Results 1 to 30 of 30

Thread: Scam Warning for small businesses

  1. #1
    Grand Master Dave+63's Avatar
    Join Date
    Jun 2012
    Location
    East Sussex
    Posts
    15,908

    Scam Warning for small businesses

    On Friday I was very nearly caught out by a scam that would have cost me over £9,000

    I received a deposit from a known customer (who’s account had been hacked) and shortly after received a phone call from someone supposedly being my customer. In this instance I knew my customer personally and recognised that the voice was wrong. He then became my customers son!

    As I didn’t have my customer’s bank details, he sent bank details across by text message. At this point the alarm bells had truly kicked in and I told him that I wasn’t doing anything until I had seen my customer in person to discus it. I heard no more from the other guy and am left with a large sum of money sat in my account.

    The bank then suspended my accounts. After a lengthy conversation, my accounts were freed up and I was advised that this money must only go back to the account that it came from or I could be in serious trouble.

    Apparently it’s quite normal for scammers to use a third party (always a small business) as once it has passed through another account it can’t be taken back. The reason being that the account holder (me) would have made the payment and therefore under the rules, it’s not a fraudulent transaction whereas the payment to me was fraudulent because it wasn’t made by the account holder.

    Had I paid the money back out, I’d be £9k down.

    I was lucky but I was almost taken in. In a company where the person dealing with finance doesn’t have direct contact with the customer, it could easily pass through without a thought.

    I though it wise to share my experience to hopefully stop anyone being caught out.

  2. #2
    Small business owner here. Am I the only one who doesn't understand what's going on?!

  3. #3
    Master draftsmann's Avatar
    Join Date
    Oct 2015
    Location
    Malta and sometimes bits of Brit
    Posts
    5,043
    In the financial services world everyone from chairman down to the lowliest clerk receives regular training on anti money laundering.

    I wouldn’t be surprised if mandatory training was introduced for owners and directors of all businesses in the foreseeable future. Arguably it should be.

  4. #4
    Grand Master Dave+63's Avatar
    Join Date
    Jun 2012
    Location
    East Sussex
    Posts
    15,908

    Scam Warning for small businesses

    Quote Originally Posted by Jdh1 View Post
    Small business owner here. Am I the only one who doesn't understand what's going on?!
    Scammer hacks customer account
    Scammer pays legitimate business
    Scammer phones business pointing out payment
    Scammer gives account details to return the money

    Business “returns” money to scammer’s account
    Customer bank reclaims money as paid fraudulently by scammer
    Business can’t claim money back from scammer as payment was made legitimately by business.

    Customer gets his money back
    Scammer gets money
    Business left in the middle (in this case) £9k out of pocket.

    The thing is that when you see someone has paid you by mistake, you want to get it back to customer ASAP so when you get a call, you’ve got it in your head to get the money back.
    Last edited by Dave+63; 18th November 2018 at 11:21.

  5. #5
    Master IAmATeaf's Avatar
    Join Date
    Nov 2011
    Location
    NW London
    Posts
    4,757
    Quote Originally Posted by Jdh1 View Post
    Small business owner here. Am I the only one who doesn't understand what's going on?!
    It sounds like he’s received some money into his account, a fraudulent transfer. He then had a call from his supposed customer exclaiming that it was made in error and would he be kind enough to transfer the money back, the scammer then texted some bank account details over. If he had fallen for it as he would have initiated the transfer he wouldn’t have been protected. The bank eventually cottoned on, suspended his account demanding that the fraudulent transfer go back? This is the bit I don’t really understand as surely it’s up to the bank to correct as the OP was an innocent party in all this.

    Plenty of people have fallen for this, I remember reading of a lawyer whose secretary transferred over a large amount as she received an email supposedly from him to do so. Being a lawyer as he knew the legal processes he managed to put stop orders on some of the scammers bank accounts and actually got some of his money back, not something that everyday people can do unfortunately as the banks don’t care and hide behind their rules.

  6. #6
    Master blackal's Avatar
    Join Date
    Mar 2012
    Location
    Scottish Borders
    Posts
    9,515
    Tell me if I am incorrect:

    The reason the hacker doesn’t simply send the £9k to his own account - is that all he has access to is existing payees of the customer?

    By doing it the way he does - it breaks the trail for fraud investigation.

  7. #7
    Master draftsmann's Avatar
    Join Date
    Oct 2015
    Location
    Malta and sometimes bits of Brit
    Posts
    5,043
    Quote Originally Posted by IAmATeaf View Post
    Plenty of people have fallen for this, I remember reading of a lawyer whose secretary transferred over a large amount as she received an email supposedly from him to do so. Being a lawyer as he knew the legal processes he managed to put stop orders on some of the scammers bank accounts and actually got some of his money back, not something that everyday people can do unfortunately as the banks don’t care and hide behind their rules.
    A couple of people have tried that trick on my trust company, to the point of registering a domain name that looks at first glance identical to ours and then sending an email to one of my employees purportedly from me giving instructions to transfer money to a named account. A stupid scam to attempt on a business like ours where we have to have controls in place to prevent this sort of thing.

  8. #8
    Got it. Didn't pick up on him ringing to say the payment had been made by mistake. Wouldn't someone in this position simply return the money to the account from whence it came, thereby leaving everyone back where they started?




    Quote Originally Posted by Dave+63 View Post
    Scammer hacks customer account
    Scammer pays legitimate business
    Scammer phones business pointing out payment
    Scammer gives account details to return the money

    Business “returns” money to scammer’s account
    Customer bank reclaims money as paid fraudulently by scammer
    Business can’t claim money back from scammer as payment was made legitimately by business.

    Customer gets his money back
    Scammer gets money
    Business left in the middle (in this case) £9k out of pocket.

    The thing is that when you see someone has paid you by mistake, you want to get it back to customer ASAP so when you get a call, you’ve got it in your head to get the money back.

  9. #9
    Grand Master Raffe's Avatar
    Join Date
    Feb 2012
    Location
    Lëtzebuerg
    Posts
    38,754
    Quote Originally Posted by draftsmann View Post
    A couple of people have tried that trick on my trust company, to the point of registering a domain name that looks at first glance identical to ours and then sending an email to one of my employees purportedly from me giving instructions to transfer money to a named account. A stupid scam to attempt on a business like ours where we have to have controls in place to prevent this sort of thing.
    The so-called "Fake president" fraud has yielded scammers billions over the past years. Again and again company employees are falling for it, sometimes for hundred million Dollars at a time.

    French businesses have lost an estimated €465m since 2010, official figures suggest, with 15,000 firms falling victim to the scam, including big names, such as Michelin, KPMG and Nestle.
    https://www.bbc.com/news/business-35250678
    Someone who lies about the little things will lie about the big things too.

  10. #10
    Quote Originally Posted by Dave+63 View Post
    On Friday I was very nearly caught out by a scam that would have cost me over £9,000

    I received a deposit from a known customer (who’s account had been hacked) and shortly after received a phone call from someone supposedly being my customer. In this instance I knew my customer personally and recognised that the voice was wrong. He then became my customers son!

    As I didn’t have my customer’s bank details, he sent bank details across by text message. At this point the alarm bells had truly kicked in and I told him that I wasn’t doing anything until I had seen my customer in person to discus it. I heard no more from the other guy and am left with a large sum of money sat in my account.

    The bank then suspended my accounts. After a lengthy conversation, my accounts were freed up and I was advised that this money must only go back to the account that it came from or I could be in serious trouble.

    Apparently it’s quite normal for scammers to use a third party (always a small business) as once it has passed through another account it can’t be taken back. The reason being that the account holder (me) would have made the payment and therefore under the rules, it’s not a fraudulent transaction whereas the payment to me was fraudulent because it wasn’t made by the account holder.

    Had I paid the money back out, I’d be £9k down.

    I was lucky but I was almost taken in. In a company where the person dealing with finance doesn’t have direct contact with the customer, it could easily pass through without a thought.

    I though it wise to share my experience to hopefully stop anyone being caught out.
    Thanks for the heads up on this, any flags on such scams are much appreciated by those trying to make an honest living ... £9k net probably takes quite a bit of turnover to generate.... well done.

  11. #11
    Grand Master Dave+63's Avatar
    Join Date
    Jun 2012
    Location
    East Sussex
    Posts
    15,908
    Quote Originally Posted by Jdh1 View Post
    Got it. Didn't pick up on him ringing to say the payment had been made by mistake. Wouldn't someone in this position simply return the money to the account from whence it came, thereby leaving everyone back where they started?
    In this instance I don’t know the customer’s bank details as I only receive a name and reference.

  12. #12
    Grand Master VDG's Avatar
    Join Date
    Mar 2010
    Location
    Whitehole
    Posts
    18,967
    Wouldn't anyone want something a little bit more tangible than a phone call and txt message in order to justify monies leaving their bank account if only for the sake of balancing their books?
    Fas est ab hoste doceri

  13. #13
    Master IAmATeaf's Avatar
    Join Date
    Nov 2011
    Location
    NW London
    Posts
    4,757
    Quote Originally Posted by blackal View Post
    Tell me if I am incorrect:

    The reason the hacker doesn’t simply send the £9k to his own account - is that all he has access to is existing payees of the customer?

    By doing it the way he does - it breaks the trail for fraud investigation.
    That and the fact that as it was a fraudulent transfer the bank would claw it back whereas if the OP had transferred the money, even though it was part of the scam the bank would simply shrug their shoulders stating that you willingly made the transfer so tough. I really can’t see why there can’t be some sort of bank code or conduct that would protect people in these sorts of cases?

  14. #14
    Master alfat33's Avatar
    Join Date
    Aug 2015
    Location
    London
    Posts
    6,198
    Quote Originally Posted by VDG View Post
    Wouldn't anyone want something a little bit more tangible than a phone call and txt message in order to justify monies leaving their bank account if only for the sake of balancing their books?
    You would think so, but you would be amazed what some people do unless they have been educated in the risks, especially in larger businesses where there is less personal contact (as the OP said).

    Most large companies now have a special process for registering supplier and customer bank detail changes that doesn’t rely on responding to emails and phone calls.

  15. #15
    we had a fax come through (remember those?) from a reliable customer but with bank details badly written on top of obviously tippexed out print

    someone in that company thought they would 'divert' funds

    had they been more professional about it probably could have got away with it if someone in accounts didn't recognize the change in account details for that particular customer

  16. #16
    Master
    Join Date
    Feb 2003
    Location
    Northener
    Posts
    2,677
    Good to know this, thanks for the heads up

  17. #17
    We lost £9k this year, they always try for under £10k. The director was away and a scammer cloned his email and emailed the accounts lady asking to pay a client. The email was letter perfect in her mail box but when you clicked reply it changed by 1 letter. Unfortunately she did not check with me and just did the payment the same day. £9k gone in less than 5 mins. Like above because we sent the payment it not fraud and the neither the police or the bank showed much interest!

  18. #18
    Craftsman
    Join Date
    May 2014
    Location
    United Kingdom
    Posts
    801
    Quote Originally Posted by NikGixer750 View Post
    £9k gone in less than 5 mins. Like above because we sent the payment it not fraud and the neither the police or the bank showed much interest!
    There's the problem. It should come under the heading of 'fraud' and should be just as interesting to the banks and police.

    That it doesn't makes the banks just as amoral imo.

  19. #19
    Grand Master Dave+63's Avatar
    Join Date
    Jun 2012
    Location
    East Sussex
    Posts
    15,908
    I really don’t know what’s going on here; the week before the attempted scam a customer genuinely overpaid me by a factor of ten and another customer did the same yesterday!

    In both instances it was a genuine mistake and has been rectified face to face but that’s the only two times it’s happened in nearly ten years!

  20. #20
    In the last month I have received the most convincing "PayPal" phishing email I have ever seen - and today received a totally convincing bogus invoice "from" a regular business contact.

    I presume there is so much money to be made from this type of scam, and so little chance of being caught, let alone successfully prosecuted, that there is some serious investment from organised crime going into it.

    I can't help but see this as a missed opportunity for banks to gain massive kudos from dealing with this kind of fraud. All domestic banking transfers should be traceable, and someone's money remains their money until they part with it legitimately however many accounts it passes through.

    There really is a technical solution to most of the bad being committed here but it takes determination and commitment to sort it - 'though surely the banks that would do it would instantly clean up in their markets? Id move my business to such a bank without hesitation.

  21. #21
    Grand Master Raffe's Avatar
    Join Date
    Feb 2012
    Location
    Lëtzebuerg
    Posts
    38,754
    Quote Originally Posted by Bristolian View Post
    In the last month I have received the most convincing "PayPal" phishing email I have ever seen - and today received a totally convincing bogus invoice "from" a regular business contact.

    I presume there is so much money to be made from this type of scam, and so little chance of being caught, let alone successfully prosecuted, that there is some serious investment from organised crime going into it.

    I can't help but see this as a missed opportunity for banks to gain massive kudos from dealing with this kind of fraud. All domestic banking transfers should be traceable, and someone's money remains their money until they part with it legitimately however many accounts it passes through.

    There really is a technical solution to most of the bad being committed here but it takes determination and commitment to sort it - 'though surely the banks that would do it would instantly clean up in their markets? Id move my business to such a bank without hesitation.
    It's not the banks who control this, it the legislator. The banks couldn't claim back they payments if they tried, the recipient would have legal standing to claim it's theirs. If you want to change this, you need to change the law.
    Someone who lies about the little things will lie about the big things too.

  22. #22
    Quote Originally Posted by KNog View Post
    There's the problem. It should come under the heading of 'fraud' and should be just as interesting to the banks and police.

    That it doesn't makes the banks just as amoral imo.
    Don't see why it's not fraud, you might have willingly sent the payment but were tricked into doing so. The banks aren't really liable though but do have a moral duty (IMO) to help prevent them

  23. #23
    Master
    Join Date
    May 2011
    Location
    By the TOLL Road
    Posts
    4,987
    Blog Entries
    1
    A company who have carried out work for me had their accounts hacked, I was sent two bogus invoices, I knew I did not owe the money so did not make any payment. I telephoned the secretary to tell them,and she knew nothing

  24. #24
    Quote Originally Posted by Raffe View Post
    It's not the banks who control this, it the legislator. The banks couldn't claim back they payments if they tried, the recipient would have legal standing to claim it's theirs. If you want to change this, you need to change the law.
    The law is not a problem. If your money is in someone else's account (in England & Wales) and you didnt put it there or were tricked into doing so, it's still your money and a court will order its return. The problem is that banks will not usually act without an order from the court or the consent of the other party. Another practical problem is that as part of a fraudulent transaction it'll be gone in an instant. If you were to find money in your account that you knew not to be yours, and you spent it, you would be liable to repay it to the proper owner.

    What is needed is for banks to have terms of business with their customers, and agreements between themselves, that allow wider powers for freezing and recovery of misplaced funds within their accounts network, without the need to go to court to get an injunction. That's actualy a significant burden on the banks to administer, but my argment is that the cost of doing it would be offset by the benefit to the crediblity of their wider business. Plainly they dont (yet!) agree.

  25. #25
    Quote Originally Posted by Dave+63 View Post
    In this instance I don’t know the customer’s bank details as I only receive a name and reference.
    Actually never realised this, just checked some history on my business account and low and behold no details other than a reference! so I can see why it would easily catch someone out! I guess the only answer is to call the bank and get them to do a reversal on the transfer?

  26. #26
    Grand Master Saint-Just's Avatar
    Join Date
    Apr 2007
    Location
    Ashford, Kent
    Posts
    28,933
    Quote Originally Posted by BCD View Post
    ...guess the only answer is to call the bank and get them to do a reversal on the transfer?
    Will not work. As it can only be initiated by the account holder (or someone with his authority) a bank will not reverse a transfer. They will need the agreement of the recipient, which in this case would be difficult to obtain.
    'Against stupidity, the gods themselves struggle in vain' - Schiller.

  27. #27
    Master
    Join Date
    Jun 2014
    Location
    Driffield, UK
    Posts
    3,122
    BTDT... 20K down. This was about ten years ago and it was a payment to us by a stolen/fake cheque. Punter was screaming saying please send it back asap because it was a mistake and my boss will kill me. My MD made a BIG mistake and after a couple of days TTed the money back. The very next day the payment was refused by our bank due to it being a fraudulent cheque..... we were 20K down! 10 years later and it still makes me break out in a cold sweat.

  28. #28
    Quote Originally Posted by Saint-Just View Post
    Will not work. As it can only be initiated by the account holder (or someone with his authority) a bank will not reverse a transfer. They will need the agreement of the recipient, which in this case would be difficult to obtain.
    Someone paid me £350 but should have been £315. There was a ‘correcting entry’ of -£350 and another for £315.
    All w/o input from me.

  29. #29
    Grand Master Saint-Just's Avatar
    Join Date
    Apr 2007
    Location
    Ashford, Kent
    Posts
    28,933
    Send me £10000. Then tell your bank it’s all a mistake, you meant £1.00.
    'Against stupidity, the gods themselves struggle in vain' - Schiller.

  30. #30
    Master
    Join Date
    Dec 2016
    Location
    Kent
    Posts
    1,971
    How is it in cases like this it’s not as simple as finding the scammer based on their bank account info?

    Surely to have a bank account you need to be giving legitimate details? And then they go and try and draw out he £9k (which is a fuss in itself these days)

    If they put more onto the bank to make them responsible for having a legit account it may not be quite so easy for these scammers.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Do Not Sell My Personal Information