Recently, we had the client of a client of ours lose over $44,000 to a simple, easily avoidable email scam. Read more below to find out what happened and how to protect your business.
What’s a “Main in the middle” scam?
A “man in the middle” scam is usually based on email. It starts with an email from you to a client. This email is intercepted by a hacker, and the hacker then sends a follow-up email which (on the surface) looks legitimate, but is actually from the scammer.
Here’s what happened in the recent case for our client
Our client sent their client a legitimate invoice, with itemised products and bank account details for payment.
Our client’s client received a follow-up email asking them to ignore the original, with an amended invoice attached.
The client’s client paid the new invoice, unknowingly into the scammer’s bank account.
9 days later
The invoice was shown as unpaid. An investigation revealed the scam, with over $44,000 irretrievably lost.
Were there signs?
Yes, there were two easy-to-spot signs which gave this away as a scam. If our client’s client had spotted either of these two anomalies, they may have questioned the subsequent email and the scam would have been uncovered.
- The subsequent email address was different from the original, and wasn’t from our client’s domain.
- The bank account details were different from the original invoice.
What can be done to prevent this?
There are preventative measures which can be taken on both sides.
Protect Your Business
- Switch to a secure email hosting solution such as Microsoft Exchange
- Change your email passwords, especially if you suspect accounts have been compromised
- Activate multi-factor authentication for email
Protect Your Clients
- Switch to direct debit or a payment processing service
- Remove bank details from invoices
- Add cautionary text to invoices and emails, for example:
- Call us to ask for obtain bank details for payment.
- If you see bank account details on an invoice please DO NOT PAY and contact us immediately.
- Beware of scams claiming we have changed our bank details.
If you have any questions please feel free to contact us.