A Colchester business narrowly avoided being swindled out of thousands of pounds due to an elaborate email scam.
The company, who has asked not to be named, wrote to a customer by email asking them to pay an invoice by depositing the money into a bank account.
However, unknown to the company, hackers had intercepted all of their incoming and outgoing email message and changed the bank account details to their own account.
Luckily, the payment failed and the company was alerted when the customer called to explain the difficulties. The scam quickly came to light when the business owners realised the back account details had been changed. The total amount is said to have been in excess of £10,000.
Despite the company changing the password to their email account immediately, the hackers were able to gain access again and continue to send messages purporting to be from the company to a number of contacts.
In a similar case, a couple from Chelmsford lost £120,000 after falling victim to the scam.
It is not entirely clear how the hackers managed to hack the email account, but the business owner suspects malware may have been placed onto an office computer allowing the hackers to see the new password as it was entered.
One popular piece of malware is a keystroke logger or keylogger, which records any keys pressed on the infected computer and reports details back to the hacker.
Anyone who transfers money into another account willingly may stand to lose all of it under current legislation.
The advice is to never accept bank account details for payments via email and confirm them in person or in a telephone conversation.
There are several steps you should take if you think your email account may have been hacked:
- Change Your Password to something very secure, using letter, numbers and special characters such as * and ?
- Let Your Email Contacts Know as possible so they know to avoid opening any emails (most likely loaded with malware) that have come from you.
- Change Your Security Question – make it unpredictable and niche
- If available, Commit to Multi Factor Authentication
- Check Your Email Settings – you should check your mail forwarding settings to ensure no unexpected email addresses have been added.
- Scan Your Computer for Malware and Viruses
- Change Any Other Accounts with the Same Password
- Consider Creating a New Email Address – if all else fails, close the account and open a new one
- Make sure that your operating system is up-to-date and has all the latest security patches installed.