Funds disappear after offshore email hack
- Posted by Duografik
- On February 10, 2020
- 0 Comments
- cashflow, cashflow finance, customer invoice finance, cyber security, debtor finance, email hack, off-shore, Small business
It was a normal Wednesday afternoon, one of our Managers had just finished funding for the day and turned their attention to an unusual email.
The email had been received a few days earlier and included an attachment containing a remittance for which the payment had not been received. The amount was for a little over $30k. AddCash has a great relationship with the Client having helped them to start up their business two years earlier. We had been happily dealing with the their Customer for almost six months.
The remittance didn’t specify the bank account being paid and despite having received payments correctly for many months the AddCash Manager phoned the Client to check if the money had hit any of their other business bank accounts. The Client was busy and not overly concerned, they had no reason to be. They said they would look into it.
A second remittance for almost $20k was received overnight and emailed to the Client. The confusion started to set in, and the Client responded:
“None of these amounts have been received in our account …. are they saying they have been paid?”.
Confusion quickly turned to panic. The Client had contacted their Customer who confirmed the payments were made as shown by the remittances. They provided a copy of an invoice received by email a month earlier displaying a different BSB and Account Number.
The Client sends their invoices directly from their cloud-based accounting software. They were adamant they had not made any changes and quickly confronted the AddCash Manager. Understandably, as AddCash does have access to their online software.
The AddCash Manager calmly explained that our policy is only to have read-only access to client’s online software and that there is an event log which provides a full audit trail of changes made by each user. The Client’s review substantiated there had been no amendments by anyone, and the bank account details remained correct and unchanged.
With this new information, the AddCash Manager started to work the problem with the Client. How long has this been going on for? Which Customers have been targeted? How much money has been lost? Who and what has been compromised?
Every single Customer had to be contacted both by phone and email to advise the bank account details, which had not changed, and to check what Customers believed had and had not been paid. Early responses didn’t uncover anything suspicious.
As the exercise continued, the Client turned their attention back to the original Customer and shared with them the discoveries. They made no secret about how distressed they were by these unfolding events. The Customer undertook to make their own investigations.
Friday just after 2 pm, nearly 48 hours later, we discovered what had happened. The Customer informed us:
“As discussed we have investigated this and unfortunately one of our staff’s email address was hacked from overseas last month and the invoice amended with an alternate bank account. The bank account was updated then and all further invoices were paid into this account. Our bank has managed to recover $40k of the $50k paid for us and we should receive this early next week. Once we have received this we can pay to you. We are following up the remaining $10k with our insurance providers and will keep you updated on the progress of that.”
Fortunately, the alternate bank account was already under surveillance. Large sums of money were being receipted into the account from all over the country and immediately being sent offshore. The account had been frozen that week and recent transactions were recovered. On the Monday the Customer’s CFO approved payment of $40k back to the Client, the balance has since been recovered and the Client and Customer continue to trade with each other.
The Client was very lucky. Through no fault of their own, they suffered a huge disruption to their business. Had the money been lost it had the potential to ruin them.
AddCash has witnessed many similar events in recent times. Cyber threats are serious and growing and will change the way businesses are assessed for finance by all Lenders. Asset values and serviceability will not be enough. Lenders will require assurances that money will not disappear.
Please contact us should you like to more about how AddCash Customer Invoice Finance can assist your business.