Who should bear the cost of invoice scam? The victim, the company the money was meant to be sent to, or the bank?
Invoice scamming is on the rise in Australia and between January to September this year over 28,000 false billing scam were reported to the Australian Competition and Consumer Commission’s Scamwatch, with a lost of approximately $23 million. This is a 52% increase compared to the same period last year. A couple tried to purchase a Mercedes-Benz from a dealership but transfer the money to hackers due to an invoice scam. The attackers had intercepted the invoice from Mercedes-Benz, who altered the attachment to change the bank detail and sent it from a disguised email address. The couple then made four bank transfers over a few days to the attacker’s account and emailed receipt of the transfer to Mercedes-Benz. It also only 5 days after the last transfer did a Mercedes employee alert the couple that the money was not received. The couple is now suing the dealership over the missing funds, arguing that if they had been told the first transfer was to an incorrect account, they would have taken steps to recover the payment. By the time they contacted the bank into which the funds were wrongfully transferred into, the funds had already been withdrawn by the hackers. Mercedes-Benz is claiming that the invoice scam was due to the customer’s email being compromised and that the customer did not that the verify the bank account detail were correct before making the transfer and had also failed to take reasonable steps to confirm that the money was received. The company is wanting the couple to pay again for their new car. The case is still ongoing.
https://www.theage.com.au/national/victoria/they-spent-139-000-on-a-new-car-but-got-scammed-mercedes-wants-them-to-pay-again-20231026-p5efbe.html
https://www.theage.com.au/national/victoria/they-thought-they-were-sending-139-000-for-a-new-luxury-suv-instead-it-went-to-hackers-20230908-p5e341.html
This segment was created for the It’s 5:05 podcast
https://505updates.com/2023-11-03-open-source-and-cybersecurity-headlines/