Fraud

Paige Sloan
Paige Sloan Member Posts: 4
edited August 2023 in Accounts Hosted
Fraud - We have had invoices sent from Reckon changed and fake bank details put on our invoices. Our customer paid over $50,000 into a frauds bank account. This is the second time this has happened. I spoke to Reckon last time and they said it must be a fault at our end. This is impossible as all invoices are sent through Reckon. Has anyone else had this issue?

Comments

  • Eric Murphy
    Eric Murphy Member Posts: 214 ✭✭✭
    edited September 2020
    This has become a common angle of attack based on some of the news I've seen lately where your local email account is targeted. I'd suggest changing all your passwords and adding further security on your email or network. Perhaps speak to the police as well?
  • Paige Sloan
    Paige Sloan Member Posts: 4
    edited September 2020
    Yes have done all of the above the first time this happened, unfortunately it has occurred again.
  • Eric Murphy
    Eric Murphy Member Posts: 214 ✭✭✭
    edited September 2020
    Sorry to hear. It might be of little comfort at this stage but maybe check out the info from scamwatch. https://www.scamwatch.gov.au/news-alerts/business-email-compromise-scams-cost-australians-132-million
  • Kris_Williams
    Kris_Williams Member Posts: 3,272 Reckon Accounts Hosted Expert Reckon Accounts Hosted Expert
    edited September 2020
    I saw this happen once with an old desktop version many years ago, and it wasn’t an inside job from the Reckon side of things. The email was intercepted somehow
  • Kris_Williams
    Kris_Williams Member Posts: 3,272 Reckon Accounts Hosted Expert Reckon Accounts Hosted Expert
    edited September 2020
    The above link confirms what we read at the time 
     “Scammers intercept legitimate invoices and change the details to include fraudulent payment information. The recipient will pay the invoice as normal and not realise they have been scammed.”
  • Rav
    Rav Administrator, Reckon Staff Posts: 15,305 Community Manager Community Manager
    edited September 2020
    Hi there Paige,
    I'm really sorry to hear of this situation particularly as its not the first occasion as you've mentioned.

    We have come across a similar instance like this previously and as Eric & Kris mentioned above, it was likely due to the email account being targeted and intercepted as opposed to a breach with the Reckon Accounts Hosted service itself. We're extremely confident in the integrity and security of the Hosted platform, however something like this happening is obviously alarming.

    Now in saying that, we're more than willing to investigate whatever we can on our end of this. If you still have access to the email(s) we need to obtain it as an attachment (not a forwarded copy) so that the headers and content are intact. If you're able to do that, send it through to me at community@reckon.com ATTN: Rav 

    As has been mentioned as well in this thread already, its really important to secure all components involved in this process and that includes email accounts, Hosted logins and any other services. If you have a old, short or non-complex password for any services, its best to review this on a regular basis and update them.


    ℹ️ Stay up to date with important news & announcements for your Reckon software! Click HERE for more info.

  • Bruce
    Bruce Member Posts: 439 Professional Partner Professional Partner
    edited September 2020
    I've experienced intercepted emails in the past (nothing to do with Reckon).

    As a consequence whenever a supplier's bank account changes I always ring and get independent confirmation of the new bank account details.   Other than giving me peace of mind, this approach hasn't saved me from any fraud but it has saved a mate from losing $20k.

    Unfortunately, this doesn't help Paige, but I believe that it is a good habit and sound business practice.  
  • Paige Sloan
    Paige Sloan Member Posts: 4
    edited September 2020
    Hi Rav,

    I have sent you the requested info and hope that i hear back from Reckon. At the moment a total of $90,000 of invoices have been altered and all of these invoices were sent from Reckon hosted directly. I certainly hope this  investigation is taken seriously from Reckon. This security breach can cripple small business and we cant afford for it to happen a 3rd time. We are now looking into Xero.
  • Paige Sloan
    Paige Sloan Member Posts: 4
    edited September 2020
    Hi Bruce,

    Yes that is a good practice, unfortunately not everyone follows through with that.
     ?
  • jennifer byrne
    jennifer byrne Member Posts: 35
    edited September 2020
    Why not send them by company email and not Reckon

  • PhuongDo
    PhuongDo Reckon Developer Partner Posts: 314 ✭✭✭
    edited September 2020
    Hi Paige,

    Sorry to hear the problem that you have. I have nothing to say but moving to Xero might not prevent it from happening the 3rd time for you.


    Phuong Do / Reckon Developer Partner

    phuong@cactussoftware.com.au


  • Eric Murphy
    Eric Murphy Member Posts: 214 ✭✭✭
    edited September 2020
    Exactly right Phuong. While the situation is quite unfortunate, from all indications its not a Reckon problem so changing the service won't address the cause.

This discussion has been closed.