‘Scammers hacked our e-mail too…’

A KBB showroom in Poole has revealed that it has also been targeted by cyber-criminals.

As Eco German Kitchens in Winchester struggles to recoup thousands of pounds customers paid into a fake bank account after fraudsters struck in May, family firm Hale and Murray in Poole told kbbreview its IT systems had also been hacked and bogus invoices sent from the company e-mail without their knowledge.

Julie Stevens, a sales designer at Hale and Murray, said the first time it happened, the customer was quick to spot that the tone of the e-mail did not sound right, and reported it to the company.

“We had our tech guys check it out, but they were at a loss and said it was our client’s system that had been hacked,” said Stevens.

“We thought no more about it, until an interior designer we have worked with for years told us he had sent us money. He asked us to confirm if we had received it, which we hadn’t. He checked it out with his bank and was told it had definitely been paid and he gave us the bank details. Of course, they were not ours.

“He then mentioned the e-mail we had apparently sent in reply to his. It asked for the balance to be paid before the kitchen was collected. Unfortunately, he was in Ireland working hard and under stress, so told his partner to pay it, even though he had reservations.

“The KBSA is aware that cyber-security is a growing risk and the new, exclusive insurance package that will be launched to members before the end of this year will include cyber-cover as well as other business risks.”
Uwe Hanneck, acting chief executive, KBSA

“It turned out my e-mail and password had been hacked – and very cleverly. The scammers intercepted my e-mails, replying to them and archiving them so I never got to see them. The e-mails could only be seen in the archives on the 365 Outlook in the cloud, so if I did a search on my computer it didn’t even show up on there.

“We never send invoices over e-mail and have stopped giving bank details on e-mails, too. I hope no one else gets caught,” she added.

Meanwhile, Eco German Kitchens, which has already delivered and fitted the kitchen to the customers who were scammed, has still not managed to retrieve the £23,500 they are owed by customers who were conned into sending the money to a fake bank account.

Despite receiving a paper invoice in the post with Eco German Kitchens’ bank details, the customers chose instead to respond to an e-mail that seemed to come from the showroom’s account saying that the company had changed their bank details “effective immediately” and that the invoice should be paid there.

Sabine Searle
Sabine Searle: “Our industry is so vulnerable to cyber-fraud”

Even after the customers did pay into the scammer’s account, the bank blocked payment, but the customers pushed it through.

Director Sabine Searle has said they have offered to make Eco German Kitchens a deal and pay 50% of the cost of the kitchen, which has already been delivered and fitted. But, Searle said being out of pocket £12,000 – four months’ rent – is not an option.

“We have made them an offer to stagger the payments, but they have rejected that, telling us that we should shoulder most of the blame for this situation,” she said.

“In our terms and conditions, it states clearly that we own the kitchens unless we have received all the monies, and so as far as I’m concerned, we still own their kitchen and accept no blame.

“It’s important to say here, that these customers are professionals, educated… and it shows how vulnerable we are as an industry to cyber-scams. We sell big-ticket items to excited people. It’s a perfect recipe for criminals to take advantage.”

Uwe Hanneck, acting chief executive at the Kitchen, Bathroom, Bedroom Specialists Association (KBSA), said there were plans to introduce cyber-liability insurance later this year in response to the “growing risk”.

“Cyber-attacks and fraud are often considered something that only big business is at risk from. It is a common misconception that smaller businesses are not worth attacking and this can result in a more lax attitude from small business owners.

“The KBSA is aware that cyber-security is a growing risk and the new, exclusive insurance package that will be launched to members before the end of this year will include cyber-cover as well as other business risks.”

He signposted KBB retailers to government guides and advice to keep safe from cyber-fraud risks from the National Cyber Security Centre.

“A small business guide to cyber-security can be found here and a cyber essentials website here.”

  • Have you been affected by a cyber attack? Do you have cyber liability insurance? If you’d like to share your story, please e-mail [email protected]
  • Home > Topstory > ‘Scammers hacked our e-mail too…’