Invoice Fraud

Katrina Crute
Katrina Crute Member Posts: 17 Reckoner Reckoner

Hi, I have just had a customer discover that they have been sent an invoice that came from Reckon hosted, with all our same details, logo, everything, but someone had changed the banking details & the customer paid into that account. We send from Reckon, and it is going to a bigpond address. Any ideas on how this could have happened and what the procedure is? The only distinguishing feature was the slight change in the font on the body of the email, but not something the customer noticed until compared to another email.

The incorrect email says from: accountshosted@reckon.com, and when you click on it it doesn't change.

Any help would be greatly appreciated!

Comments

  • Acctd4
    Acctd4 Accredited Partner Posts: 4,178 Reckon Accounts Hosted Elite Expert Reckon Accounts Hosted Expert
    edited June 2022

    As far as I'm aware, this is actually an email issue, not related to Reckon. That email address is legitimate - Reckon Accounts Hosted is "hosted" on Reckon's servers so emails have this email address by default.

    However, where someone hacks into your emails & changes supplier bank details in attachments, to their own, this is a known email scam which is nothing to do with Reckon 😫

    You need to get in touch with your email ISP.

  • Kris_Williams
    Kris_Williams Member Posts: 4,228 Reckon Hall of Famer Reckon Hall of Famer

    Yes Sharon says it all, this scam has been around for many years, even on desktop versions, so nothing to do with Reckon.

  • Katrina Crute
    Katrina Crute Member Posts: 17 Reckoner Reckoner

    So it’s the customer's ISP that is the issue or ours? I’m still confused as to where the problem has arisen.


    Thanks

  • Acctd4
    Acctd4 Accredited Partner Posts: 4,178 Reckon Accounts Hosted Elite Expert Reckon Accounts Hosted Expert
    edited June 2022

    If your bank details are being changed, it's most likely yours 😢 Get in touch with your ISP to get your systems checked/scanned & anti-virus protection updated.

    It's best practice to call a supplier to confirm any changes to their bank details so I would ensure you request this in your customer communication.

    Either send out specific correspondence about it or make it a default part of your email header/footer/subject going forward! (You could explain without going into it too much, e.g. it's come to your attention that your bank details have been compromised on email attachments etc.)

  • Katrina Crute
    Katrina Crute Member Posts: 17 Reckoner Reckoner

    Thank you so very much for all your help.

  • Rav
    Rav Administrator, Reckon Staff Posts: 14,137 Reckon Community Manager Community Manager

    Hi there @Katrina Crute

    Firstly, I'm really sorry to hear of this situation

    We have come across a similar instance like this previously and as Kris & Shaz have mentioned it was likely due to the email account being targeted and intercepted as opposed to a breach with the Reckon Accounts Hosted service itself. Unfortunately, it's becoming one of the more prevalent ways which scammers are utilising to defraud people and is coming up more often in the media as well. One of the more recent ones that I can recall is this terrible situation linked below - https://7news.com.au/news/wa/perth-grandmother-102-robbed-of-375000-in-elaborate-email-interception-scam-c-2374860


    While we're extremely confident in the integrity and security of the Hosted platform, something like this happening is obviously alarming. We're more than willing to investigate whatever we can on our end of this. If you still have access to the email(s) we need to obtain it as a full intact attachment (not a forwarded copy) so that the headers and content are intact. If you're able to do that, send it through to me at community@reckon.com ATTN: Rav 


    As has been mentioned as well in this thread, it's really important to secure all components involved in this process and that includes email accounts, logins (including Hosted) and any other services. If you have an old, short or non-complex password for any services, it's best to review this on a regular basis and update them.

  • Steve Cook
    Steve Cook Member Posts: 149 Reckoner Reckoner

    This has also happened to me. I use RA desktop product, sending invoices via Outlook. Definitely not a Reckon issue.

    In my case, the receiver's email account had been hacked. Probably because the account had a weak password that had not been changed in many years.

    Scammer accesses the receiver's email, edits the bank details in the PDF attachment and "re-sends" it. So the receiver actually receives the invoice twice. Second time has the modified bank details.

    Fortunately my customer phoned me and queried the changed bank details, so no harm done.

  • Katrina Crute
    Katrina Crute Member Posts: 17 Reckoner Reckoner

    Hi Rav,

    How do I send you the full intact attachment if it isn't a forwarded copy? Sorry, I have to step our customer through that because I only have a forwarded copy.


    Thanks

    Katrina

  • Katrina Crute
    Katrina Crute Member Posts: 17 Reckoner Reckoner

    Steve,

    How do I work out which email account was hacked, if at all possible? I thought that because the emails were being sent from Hosted that they were secure and our email address wasn't involved... so confused!

  • Steve Cook
    Steve Cook Member Posts: 149 Reckoner Reckoner

    Katrina. The hacked account is probably the receiver of the email.

    IE your customer's email account. At the very least must change the password for that email account. They may need professional help local to them.

  • Rav
    Rav Administrator, Reckon Staff Posts: 14,137 Reckon Community Manager Community Manager

    Hi Katrina,

    As Steve and others have mentioned, it's highly likely that it's the recipient (your customer) that has been compromised rather than you. Info from Scamwatch here - https://www.scamwatch.gov.au/types-of-scams/buying-or-selling/false-billing

    As I mentioned though, we're happy to do a check on this and I'll link some info available online that explains how to add emails as attachments here - https://www.lifewire.com/forward-email-as-attachment-outlook-1173689


    The team will also need your Reckon Accounts Hosted username/user ID and the date & time of this specific email being sent from you. We'll compare that to the attachment you obtain from the customer.

    If they haven't already, it might also be advisable for your customer to get in touch with the police as well.
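
What comparing an intact (attached, not forwarded) copy against the original send can show, including the resent-invoice pattern Steve Cook describes earlier in the thread. This is an added example, not part of the thread and not Reckon's own process; every address, host, ID and PDF byte string is constructed, and the function names are hypothetical.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_sample(msg_id, date, relay, pdf):
    """Return constructed .eml bytes; every value here is made up."""
    m = EmailMessage()
    m["Received"] = f"from {relay} by mx.recipient.example; {date}"
    m["From"] = "accounts@sender.example"
    m["To"] = "customer@recipient.example"
    m["Subject"] = "Invoice 1001"
    m["Date"] = date
    m["Message-ID"] = msg_id
    m.set_content("Please find invoice 1001 attached.")
    m.add_attachment(pdf, maintype="application", subtype="pdf",
                     filename="invoice-1001.pdf")
    return m.as_bytes()


def fingerprint(eml):
    """Pull out the fields that survive only in an intact copy."""
    msg = message_from_bytes(eml, policy=policy.default)
    return {
        "message_id": str(msg["Message-ID"]).strip(),
        "date": msg["Date"].datetime,
        "relays": [str(h).split()[1] for h in msg.get_all("Received", [])],
        "files": {p.get_filename(): hashlib.sha256(p.get_content()).hexdigest()
                  for p in msg.iter_attachments()},
    }


def compare(original, suspect):
    """List the ways the suspect copy differs from the original send."""
    a, b = fingerprint(original), fingerprint(suspect)
    findings = []
    if a["message_id"] != b["message_id"]:
        findings.append("message-id differs: a separate send, not the same email")
    if set(a["relays"]) != set(b["relays"]):
        findings.append("relay path differs: " + ", ".join(b["relays"]))
    for name, digest in b["files"].items():
        if name in a["files"] and a["files"][name] != digest:
            findings.append(f"attachment changed: {name}")
    if b["date"] > a["date"]:
        findings.append(f"sent {b['date'] - a['date']} after the original")
    return findings


# Constructed pair: the genuine invoice and a later copy with an edited PDF.
GENUINE = build_sample("<1001@sender.example>", "Mon, 06 Jun 2022 09:00:00 +1000",
                       "mail.sender.example", b"%PDF-1.4 sample acct 11111111")
RESENT = build_sample("<x9@other.example>", "Mon, 06 Jun 2022 09:12:00 +1000",
                      "relay.other.example", b"%PDF-1.4 sample acct 22222222")
```

A forwarded copy carries the forwarder's own headers instead of these, which is why the comparison needs the message saved or attached intact.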

  • Katrina Crute
    Katrina Crute Member Posts: 17 Reckoner Reckoner

    Hi Rav,

    Thanks, we have reported it through Cyber Crimes, we are following up with Westpac as it was their bank that was used.

    I will get all the information for you.

    Thanks again

  • Katrina Crute
    Katrina Crute Member Posts: 17 Reckoner Reckoner

    Thanks Rav, Information sent to Reckon