The firm said customers paid £10,000 into a fraudulent bank account after the company’s e-mail was hacked by cyber-criminals in Nigeria.
“When we discovered this, our client sent the money again, this time to the right account, believing their bank would compensate them, but it didn’t,” said one of the directors at the firm.
“We are now extremely careful with money transfer, and have a standard warning at the bottom of our invoices, but also make a point of verbally warning them of what has happened.
“We now also have a two-stage password system for our Office 365 account, which should make it very difficult to hack.”
The firm has also added this to the bottom of its e-mails:
“This message is confidential and for use by the addressee only. If you are not the intended recipient you must not use, disclose, distribute, copy, print, or rely on this message.
“XXXXX accepts no responsibility for changes made to this message after it was sent or for any loss or damage from receipt or use.
“While every effort has been made to ensure that e-mails and attachments are virus-free, it is the responsibility of the recipient to verify the integrity of such e-mails. We regard the internet environment as insecure and prone to transmission delays beyond our control.”
Meanwhile, the customers of Eco German Kitchens who were scammed out of £23,500 after the Winchester firm’s e-mail account was hacked have agreed a deal this week to honour their financial commitment to the kitchen designer.
Following Eco German Kitchen’s refusal to accept a 50% haircut on the kitchen and tense correspondence, the firm has confirmed that the clients have accepted a deal in which they repay the full amount over a 12-to-18 month period.
Director Sabine Searle said they had agreed to make an initial upfront payment of £5,000 followed by monthly payments of £1,000 until the full amount is paid. Searle said she has taken off £1,300 as a goodwill gesture.
Cyber-attacks are rife and growing, with every industry and business – small and large – a target.
Speaking to kbbreview previously, Mark Banks, a director at IT support firm Firbanks IT, warned that malware attacks can be difficult to spot because they will often come in the form of a genuine-looking e-mail. For example, a customer enquiry about potential work with a PDF of proposed plans attached.
He said that spammers will open a dialogue and reference you to open a PDF that doesn’t work, but is in fact malware.
He called it “spam with intent to be malicious”.
Bank transfer fraud – also called push payment fraud – has become the second biggest type of payment fraud after card fraud, in both number and total value.
Figures from UK Finance showed that more than £100 million was lost to these types of scam in the first half of 2017, with only £25m being recovered by banks and other firms on behalf of their customers. There were nearly 20,000 individual cases over that period.
Consumers lost an average of £3,000 and businesses £21,500.
Until now, banks had no obligations to reimburse victims of fraud.
But the Payment Systems Regulator is hoping to change this, currently working on plans to better protect victims of push payment scams.
It aims to implement a scheme later this year that makes reimbursement contingent on the actions of the banks both sending and receiving the funds when a push payment scam occurs.
- Have you been affected by a cyber attack? Do you have cyber liability insurance? If you’d like to share your story, please e-mail firstname.lastname@example.org