better banking

Businesses vulnerable to email hackers – Banking Ombudsman

13 Nov 2015

The Banking Ombudsman receives complaints every year from businesses and their customers who have been tricked into transferring money to hackers by following instructions in fraudulent emails.

“Businesses and their customers are as vulnerable to email hackers as anybody else and need to have processes in place to avoid being ripped off, says Banking Ombudsman Nicola Sladden whose office is helping promote Fraud Awareness Week (15-21 November).

“Unfortunately for the people with the complaint, our investigations often reveal that the bank has acted appropriately as they are usually following the instructions of their duped customers.

“These scams can be very convincing.  Many people – including businesses - have lost significant amounts of money and are traumatized by the experience.  And because of the way the fraud is carried out, most people won’t get their money back,” Ms Sladden said.

In one such case, a family-run exporting business ran into trouble when its usual product supplier was out of stock.  In an email exchange, the business took up the offer of its supplier finding another contact to provide the required materials.

The deal was subsequently done, and invoice paid when the family received another email from its usual supplier querying why its invoice was still outstanding.  The business believed that at some stage the emails between it and the supplier were hacked, and the hacker took on the supplier’s personality and the business followed the instructions to pay the hacker.

“Because of cases like this, we have recently updated our Quick Guide on Common scams affecting bank customers. It now highlights people should, as a matter of course, check with the person they think they are corresponding on email - via another form of communication to double-check things are legitimate.

“We all need to be up-to-date with how criminal activity and techniques can affect them personally. Businesses and their customers especially need to know the risks associated with storing documents on email accounts, and regularly clear out information that could be used to verify their identity,” Ms Sladden said.

Be on guard at all times with your banking by taking the following precautions, which apply to everybody, not just businesses:

  • make sure you know who you’re dealing with.  Do an internet search and look for reviews, check Consumer Affairs’ scam alert website, ask for a physical address you can check, and look the company up on the Companies Register
  • check with someone independent and trustworthy before you commit to anything
  • do not give out account details unless the business is established and trusted
  • never accept money into your account for subsequent transfer to others
  • never give out your password
  • check your accounts regularly to ensure money is only going to the right places
  • report any likely scams to your bank and Consumer Affairs via its website
  • if you are emailing somebody about financial matters involving transferring money, check the arrangements with the person using a means of communication other than email
  • contact your bank immediately if you suspect you have been scammed.  It may be able to reverse the charges but it may not be able to if you have authorised the payment.

If you are not satisfied with your bank’s response, contact the Banking Ombudsman Scheme to see if we can help you.