Connolly Suthers have dealt with, and continue to deal with, clients being caught in scamming situations. They are becoming much more common than you may think.
For example, a business has emailed a PDF tax invoice to a customer and that email has been intercepted by a scammer who has changed the account details on the PDF and have forwarded it to the customer.
The customer paid the scammer. Once the parties involved got wind of the situation, the first point of contact was the bank. However usually once the money hits the account on the other end, it is withdrawn quickly with little chance of retrieving the money. The business appears to have no recourse and must now wear the invoiced amount as well as potentially losing the customer as neither the customer nor the customer’s bank is going to cover the loss.
These types of emails used to come from someone you didn't know so you were able to recognise it but now scammers are much more savvier.
A situation like this highlights the importance of limiting the emailing of account details to anyone - even if they are in PDF format.
As a customer, the safest option to protect yourself if you are paying an invoice is to call the business, on a number listed on their website not in the email, to verify their account details.
As a business, you could provide your customers with your payment details on a business card or advise them not to transfer or deposit any money into your account without telephoning to confirm your account details.
Please be aware that hackers are also able to intercept text messages so this is not a secure option to send bank account details unless the customer telephones to confirm the account details prior to paying.
Yes these are extra steps that need to be taken however, if you do not exercise caution you could be caught in a tragic situation like this.
Should you be the victim of a business compromise email scam or cybercrime, please contact Connolly Suthers to discuss your options.