Invoice Fraud

  • 2
  • Question
  • Updated 2 weeks ago
Curious to know, last week I emailed a new customer an invoice - the invoice went to their junk email - but the invoice had been changed, someone has intercepted the email and added their bank details they had made a note also on the email that the customer should change the banking details . This invoice was for $45000, our customer paid the $45000 to the newly noted bank details. My invoice was email straight out of reckon accounts hosted. Have spoken to support for 2 hours with a nil reason as to how this has happen, (except, maybe someone from my office changes the invoice template, I am the only person to use the account program!) The incident has now been forwarded to the police,.I am still questioning why reckon invoices are still going to customers junk mail? How do I prevent this happening again. - But also very wary of my existing customers.
Photo of Kathy

Kathy

  • 258 Points 250 badge 2x thumb

Posted 2 weeks ago

  • 2
Photo of Catherine Healy

Catherine Healy

  • 180 Points 100 badge 2x thumb
Hi, this happened to me as well. My emails were hacked and the hacker got into my reckon invoice and changed my bank details. My customers made a fraud dispute with their banks. It does't look like I will get my money. I reported it to the fraud police as well, but apparently it is up to the discretion of the Bank to pay to the correct account for me to get my money. 
OHH bad !!!!!!
Cosmic  Invoice may be able to help following ways:
1. Assured Acknowledgement from the receiver
2. Your  email name is shown as the sender not Reckon Hosted.
3. Stripe payment  which is secured PCI compliant  online payment method


 I don't know if what we offer may be a better option.

If you need to know further please call me : CHANDRA 0407068942
Photo of Kathy

Kathy

  • 258 Points 250 badge 2x thumb
Oh no, this is only invoice, that has been changed as far as we are aware. this could ruin a small business, we have a program specialist looking into the issue.
Photo of Lee

Lee

  • 372 Points 250 badge 2x thumb
Kathy, sorry to hear about this. What a distressing time for your business.

Was your invoice sent direct from Reckon or from your email system? 

Many thanks.
Photo of Kathy

Kathy

  • 258 Points 250 badge 2x thumb
The invoice was sent direct from reckon.

Photo of Rav

Rav, Community Manager

  • 57,814 Points 50k badge 2x thumb
Hi Kathy,
I believe a senior technician has been trying to get in touch on a couple of occasions today but has missed you. Can you let me know an appropriate time for the team to give you a buzz and I'll pass this through.
Photo of Kathy

Kathy

  • 258 Points 250 badge 2x thumb
now!
Photo of Catherine Healy

Catherine Healy

  • 180 Points 100 badge 2x thumb
Bcc doesn't let you know if there is an intersept with emails. It didn't let me know of the fraud intercept.
Photo of Toni

Toni

  • 2,322 Points 2k badge 2x thumb
I was not meaning that BCC will stop fraud - its just another way to ensure there is a track of everything I send from Reckon... The thing with fraud is that, it is always the victim of the fraud that has to prove it before they get their money back.  

(Edited)
Photo of Gillian

Gillian, Accredited Partner

  • 860 Points 500 badge 2x thumb
HI Kathy,

This happened to a QBO (Intuit) file as well. I also know that a fellow colleague has told me they know of this happening in MYOB file as well. The recipient of the emails need to be very careful of the sender address - it can be 1 letter different, but it will not be from the correct address. The only thing that can be done is to issue an email to all your customers saying that any change of bank acc needs to be verified by a phone call.
Scammers are forever coming up with new ways.

Gillian
Photo of SueMax

SueMax, Accredited Partner

  • 92 Points 75 badge 2x thumb
Great tip Gillian, 
Pretty much everything can be hacked these days so I'm not sure how the software providers can GUARANTEE sensitive information is not at risk.
Photo of Toni

Toni

  • 2,322 Points 2k badge 2x thumb
NEED RESPONSE FROM RECKON 
I am weary of how we send emails through Reckon as it is as there is not alot of tracking - (hence i bcc - every invoice / statement etc to my email )
Users need to be assured their information is secure.
(Edited)
Photo of Gillian

Gillian, Accredited Partner

  • 860 Points 500 badge 2x thumb
Hi Toni,

The bcc of an invoice will not stop this process described...I have seen it in action from other software. The only thing is that ALL users notify their customers of bank details change protocol and to double check via ph. Also to please check sender email address before opening invoices.
Its a sad world out there sometimes!

Gillian
Photo of Toni

Toni

  • 2,322 Points 2k badge 2x thumb
I  explained my use of Bcc further up the page - I use it for tracking and am aware it does not stop the fraudulant events from happening.  It would be good to get some reassurance from Reckon that our information is secure.
Photo of Davo

Davo

  • 110 Points 100 badge 2x thumb
Whilst fraud is never good when involved I'll share my own experience.
In my day job (we don't use Reckon but that's irrelevant), if a supplier changes bank details via letter/email or changed details on an invoice, we send a form to formally change bank details. Then when the form comes back I, as Finance Manager, ring the supplier to verbally verify details. It was during one of these calls a supplier appreciated my call as he recently was victim to this similar scam.
What happened is that the fraudsters were intercepting the email from a removalist company so they knew that the removalist had quoted for a job, the job was done and an invoice was going to be sent. Before the legitimate invoice was created by the removalist the fraudsters sent an email with an identical invoice template attached from a very similar email address as the removalist and the guy paid up. It was only later in the day that he received the legitimate invoice that he rang them to discover the fraudulent invoice but it was too late.
So I think it is irrelevant which accounting system is used, or if the original went to spam, the fraudsters actually intercept and monitor the emails and copy invoice templates and pounce at the right (wrong!) time.
David
Photo of Rav

Rav, Community Manager

  • 57,814 Points 50k badge 2x thumb
Hi Kathy,I'll send you and email shortly in relation to the situation you've highlighted here as we'd like to investigate further.If you can please take a look and get back to me directly.CheersRav