Builder fraud: ‘I lost £10,800 in email scam’

The Daily Telegraph - Your Money - - YOUR MONEY -

First came “so­lic­i­tor fraud”, where con­men in­ter­cepted emails be­tween prop­erty buy­ers and con­veyancers di­vert­ing huge sums to the wrong ac­counts. Now this form of life-de­stroy­ing crime has widened out to other, big-ticket trans­ac­tions, in­clud­ing home ren­o­va­tions and build­ing work.

The scam is the same: fraud­sters im­per­son­ate a party in­volved in the trans­ac­tion and re­quest that the pay­ments are sent to an ac­count con­trolled by crim­i­nals. And be­cause vic­tims of such scams tend to pay by bank trans­fer, which of­fers no pro­tec­tion if things go wrong, the banks are able to wash their hands of re­spon­si­bil­ity. Tele­graph Money is now re­ceiv­ing nu­mer­ous emails from read­ers who have dis­cov­ered they have paid thou­sands of pounds to a crim­i­nal in­stead of the trades­man work­ing on their home.

Fraud­sters tar­get build­ing firms which may not have se­cure sys­tems and could be us­ing the same pass­word for mul­ti­ple on­line ac­counts, said Owen Quinn, a cy­ber se­cu­rity re­searcher at Equiniti, the tech­nol­ogy and fi­nan­cial ser­vices firm. Crim­i­nals find builders’ email ad­dresses on­line, and run these through soft­ware to see if there are any known passwords as­so­ci­ated with the ac­counts. If they get the cor­rect passwords, fraud­sters can then ac­cess the email ac­counts and send emails pur­port­ing to be from the builder. By read­ing through pre­vi­ous email ex­changes they can quickly find ways to trick cus­tomers into mak­ing pay­ments to des­ig­nated ac­counts. Emails can also be deleted. Builder in­voice fraud may not in­volve sums as large as those with prop­erty sales, but losses can still be life-chang­ing. Fraud­sters tricked lawyer Arthur Mullinger into pay­ing £10,800 into their Lloyds ac­count af­ter pos­ing as the trades­man work­ing on his third floor ex­ten­sion.

Mr Mullinger, 64, said he had been ex­pect­ing an in­voice and had no rea­son to be­lieve that fraud­sters had set up an email in the name of his sub­con­trac­tor. He was in France at the time and made the pay­ment on July 10 by bank trans­fer into the crim­i­nal’s Lloyds ac­count. The fraud­sters struck again the next day, this time pos­ing as Mr Mullinger’s builder, and re­quested an­other £11,000 be paid into a Bar­clays ac­count.

Mr Mullinger said he wasn’t sus­pi­cious but as the in­voice came out of the blue, he waited un­til he re­turned home and spoke to the builder.

They dis­cov­ered the builder’s email ac­count had been hacked. Mr Mullinger alerted his bank, Bar­clays, about the at­tempted fraud. Later that day, when Mr Mullinger met the sub­con­trac­tor who said he had yet to be paid, the rest of the scam was un­cov­ered. Mr Mullinger con­tacted Bar­clays again and it said it would con­tact Lloyds to see if there were any funds re­main­ing. He said he also hoped that Bar­clays would in­ves­ti­gate the sec­ond ac­count. How­ever, Bar­clays told Mr Mullinger that as no funds had been trans­ferred, the in­ves­ti­ga­tion would be lim­ited. In a let­ter seen by Tele­graph Money, the bank said that it could do noth­ing more than “ap­ply nec­es­sary cau­tions and re­view the ac­count”. Bar­clays also said it only shared in­for­ma­tion with the po­lice if asked.

Mr Mullinger said: “The fraud­ster’s not just some per­son who’s sat there and struck lucky. They’re prob­a­bly set­ting up hun­dreds of ac­counts that are get­ting past the banks’ checks. I would’ve thought Bar­clays would have wanted to show me it had done all it could to pre­vent the fraud and to stop it hap­pen­ing again.”

A spokesman said the bank took steps to en­sure there were no loss of funds by any in­tended vic­tim and in­for­ma­tion has been shared with UK Fi­nance, which rep­re­sents 300 fi­nan­cial firms, in or­der to pre­vent ac­counts be­ing opened with the same iden­tity. tricked by a sim­i­lar scam. Mr Rogers, from Maid­stone, Kent, be­lieves fraud­sters had been in­ter­cept­ing emails be­tween him and the builder in charge of his ex­ten­sion for a while be­fore they made their move.

It was not un­til the fi­nal pay­ment of £5,872 was due that he re­ceived an email telling him the bank de­tails had changed. Mr Rogers, 41, said he was busy at the time and thought noth­ing of it. He made the trans­fer to the new San­tander ac­count. He texted the builder two min­utes later to let him know where he had paid the money but the builder did not re­spond un­til that even­ing. It was then that the ruse was un­cov­ered.

Mr Rogers, who works for a fresh pro­duce sup­plier, re­ported it to his bank, Lloyds, im­me­di­ately. He also con­tacted San­tander about its crim­i­nal cus­tomer. The bank re­fused to take any de­tails and told him it would need to be con­tacted by his bank.

Mr Rogers, who had a crime ref­er­ence num­ber at this point, said he ques­tioned San­tander: “I re­mem­ber say­ing: ‘Just to be clear, you are not in­ter­ested in know­ing that an ac­count at your bank is be­ing used fraud­u­lently?’” The San­tander call han­dler said no de­tails could be taken. “It just goes to show the banks don’t care,” said Mr Rogers.

In both of these cases, the banks re­fused to re­im­burse the funds that had al­ready left the fraud­sters’ ac­counts. In both cases this was the en­tire sum.

How­ever, af­ter pres­sure from this news­pa­per, Lloyds in­ves­ti­gated Mr Rogers’ case and found that it had de­layed re­triev­ing the money. It has agreed to re­im­burse Mr Rogers £5,872 (the full amount he trans­ferred) plus £300 com­pen­sa­tion.

San­tander said it was “re­gret­table” that it “sim­ply re­ferred Mr Rogers back to his own bank” with­out tak­ing any de­tails that might have been help­ful to its fraud depart­ment. It apol­o­gised to Mr Rogers and has of­fered £100, with no ad­mis­sion of li­a­bil­ity.

How­ever, Mr Mullinger’s bank, Bar­clays, said be­cause the pay­ment was au­tho­rised it would not of­fer a re­fund. It said it con­tacted Lloyds as soon as it was alerted but could not re­cover any funds.

Pay­ing for your new ex­ten­sion via email and bank trans­fer could ex­pose you to crim­i­nals, says Amelia Mur­ray ‘It just goes to show the banks don’t care’

Arthur Mullinger was the vic­tim of email hack­ing fraud, pay­ing £ 10,800 into a con­man’s ac­count

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.