A warning to any Customers or Suppliers that use BACS or online Bank payment systems.

We have been victims of a sophisticated email interception scam.

Normal email correspondence between ourselves and a regular Chinese supplier have been intercepted by fraudsters.
They have been allowing all normal correspondence relating to shipping, order confirmations etc. to pass through. However, “normal” emails relating to payment details have been doctored, inserting the fraudsters own bank account details into our supplier’s pro-forma invoice.
Because the email is actually an original that has been altered, it is very hard to spot that anything is wrong however on scrutinizing the emails afterwards we could see that new email addresses for both parties had been used which were one character different. The first step in this scam was by hacking into our Chinese supplier’s Yahoo account without them realising.

If any of your suppliers request an alteration to your normal payment method or payment destinations, do not accept these changes without speaking to your suppliers on the telephone to ensure that the instruction is genuine.

Unfortunately these criminals are pretty smart and have no problem stealing hard earned cash from businesses. The authorities are not interested in taking any action, like shutting down bank accounts or quizzing bank policies regarding proof of identity when opening accounts for the fraudsters, so there is little chance of recovery. Luckily for us it wasn’t a significant amount of money but it easily could have been.

This is the first time we have heard of this scam but as free online email accounts such as Yahoo, Hotmail and Gmail are quite easy to hack into it is likely to become much more common.

Be careful when sending any online Bank payments, once a payment has gone there is virtually no chance of recovering your money.

David Dodd
Managing Director
Interex
1 October 2012