Our business lost $190,000 when our supplier’s email was hacked

We were the victims of an email hacking scam. The scammers appear to have hacked a supplier’s email and advised us of a change in bank details. The scammers sent us invoices with amended bank details as well as the prior email trail to and from the supplier, so they must have been in the supplier’s IT system. Everything was a perfect copy of a real version of the invoices we were so used to. We didn’t notice the difference.

Thinking it was real, we sent an amount of $190,000, but the real supplier never received it. The email address was also correct for the supplier, but they told us that they did not receive our responses. The scammers seem to have some way of hiding our responses from the supplier. We didn’t find out about this until our supplier contacted us via phone to talk about not receiving the money.

Signs this was a scam

  • The change in bank details was the only sign that this was a scam.
  • Scammers often pose as one of your regular suppliers and tell you that their banking details have changed. They may tell you they have recently changed banks, and may use stolen letterhead and branding or even hacked emails to convince you they are legitimate.
  • The scam was difficult to spot, as the invoices looked entirely genuine and the scammers had included copies of previous invoices. The business even checked that the email address of the sender matched the supplier’s email address.

Avoid this type of scam

  • Contact the supplier directly using a second, reliable mode of communication such as a known phone number to verify any request to change bank details.
  • Consider a multi-person approval process for transactions over a certain dollar threshold, with processes in place to ensure the business billing you is the one you normally deal with.
  • Prevent your IT systems from being compromised. Keep your IT security up to date by regularly patching your systems and running antivirus software, and have a good firewall to protect your data.

Credit: scamwatch.gov.au