Fraud

Paige SloanPaige Sloan Member Posts: 4
edited September 8 in Accounts Hosted
Fraud - We have had invoices sent from Reckon changed and fake bank details put on our invoices. Our customer paid over $50,000 into a frauds bank account. This is the second time this has happened. I spoke to Reckon last time and they said it must be a fault at our end. This is impossible as all invoices are sent through Reckon. Has anyone else had this issue?

Comments

  • Eric MurphyEric Murphy Member Posts: 121
    edited September 4
    This has become a common angle of attack based on some of the news I've seen lately where your local email account is targeted. I'd suggest changing all your passwords and adding further security on your email or network. Perhaps speak to the police as well?
  • Paige SloanPaige Sloan Member Posts: 4
    edited September 4
    Yes have done all of the above the first time this happened, unfortunately it has occurred again.
  • Eric MurphyEric Murphy Member Posts: 121
    edited September 4
    Sorry to hear. It might be of little comfort at this stage but maybe check out the info from scamwatch. https://www.scamwatch.gov.au/news-alerts/business-email-compromise-scams-cost-australians-132-million
  • ZappyZappy Accredited Partner Posts: 4,692 ✭✭✭
    edited September 4
    Paige someone has used your login details. This is where 2FA would be useful
  • Kris_WilliamsKris_Williams Member Posts: 1,190 ✭✭✭
    edited September 4
    I saw this happen once with an old desktop version many years ago, and it wasn’t an inside job from the Reckon side of things. The email was intercepted somehow
  • ZappyZappy Accredited Partner Posts: 4,692 ✭✭✭
    edited September 4
    Hmmm how could you be so confident?
  • Kris_WilliamsKris_Williams Member Posts: 1,190 ✭✭✭
    edited September 4
    The above link confirms what we read at the time 
     “Scammers intercept legitimate invoices and change the details to include fraudulent payment information. The recipient will pay the invoice as normal and not realise they have been scammed.”
  • RavRav Administrator Posts: 10,895 Administrator
    edited September 7
    Hi there Paige,
    I'm really sorry to hear of this situation particularly as its not the first occasion as you've mentioned.

    We have come across a similar instance like this previously and as Eric & Kris mentioned above, it was likely due to the email account being targeted and intercepted as opposed to a breach with the Reckon Accounts Hosted service itself. We're extremely confident in the integrity and security of the Hosted platform, however something like this happening is obviously alarming.

    Now in saying that, we're more than willing to investigate whatever we can on our end of this. If you still have access to the email(s) we need to obtain it as an attachment (not a forwarded copy) so that the headers and content are intact. If you're able to do that, send it through to me at [email protected] ATTN: Rav 

    As has been mentioned as well in this thread already, its really important to secure all components involved in this process and that includes email accounts, Hosted logins and any other services. If you have a old, short or non-complex password for any services, its best to review this on a regular basis and update them.
  • BruceBruce Member Posts: 260 ✭✭
    edited September 6
    I've experienced intercepted emails in the past (nothing to do with Reckon).

    As a consequence whenever a supplier's bank account changes I always ring and get independent confirmation of the new bank account details.   Other than giving me peace of mind, this approach hasn't saved me from any fraud but it has saved a mate from losing $20k.

    Unfortunately, this doesn't help Paige, but I believe that it is a good habit and sound business practice.  
  • Paige SloanPaige Sloan Member Posts: 4
    edited September 6
    Hi Rav,

    I have sent you the requested info and hope that i hear back from Reckon. At the moment a total of $90,000 of invoices have been altered and all of these invoices were sent from Reckon hosted directly. I certainly hope this  investigation is taken seriously from Reckon. This security breach can cripple small business and we cant afford for it to happen a 3rd time. We are now looking into Xero.
  • Paige SloanPaige Sloan Member Posts: 4
    edited September 7
    Hi Bruce,

    Yes that is a good practice, unfortunately not everyone follows through with that.
     ?
  • jennifer byrnejennifer byrne Member Posts: 44
    edited September 6
    Why not send them by company email and not Reckon

  • PhuongDoPhuongDo Reckon Developer Partner Posts: 210 ✭✭
    edited September 7
    Hi Paige,

    Sorry to hear the problem that you have. I have nothing to say but moving to Xero might not prevent it from happening the 3rd time for you.


    Phuong Do / Reckon Developer Partner

    [email protected]

  • Eric MurphyEric Murphy Member Posts: 121
    edited September 7
    Exactly right Phuong. While the situation is quite unfortunate, from all indications its not a Reckon problem so changing the service won't address the cause.

Sign In or Register to comment.