Email PDF Bank Details Changed.

Resolve

Well-Known Member
Joined
Sep 20, 2012
Messages
201
Hi,

I recently received an invoice from a client. We are both using mweb email addresses.
The PDF (invoice) I received had a different bank account number. Still Nedbank as before though.
(I double-checked and it was still the same email address they usually use)
So ONLY the bank details on the invoice changed.

First suspect would be the person that does their invoicing?
Or maybe someone has access to that mail account and was able to change the details before it was received by me.

Any other ideas or suggestions to how I should continue?
 

Nobody Important

Executive Member
Joined
Feb 18, 2010
Messages
6,800
If you want to be sure, ask for a bank-stamped letter confirming banking details. No reputable company will refuse and most have these on file.
 

Resolve

Well-Known Member
Joined
Sep 20, 2012
Messages
201
I did phone. Somewhere, somebody changed the bank details. They are still using the same account as always.
 

Kosmik

Honorary Master
Joined
Sep 21, 2007
Messages
25,652
This is the most popular company scam at the moment and easy to perpetrate. It's just as easy to prevent though by a simple phone call and if changed, request a copy of the changed account on company letterhead.
 

Nobody Important

Executive Member
Joined
Feb 18, 2010
Messages
6,800
> I did phone. Somewhere, somebody changed the bank details. They are still using the same account as always.

They should investigate on their side as well, as they too are being defrauded. Some customers will pay based on details on invoice.

They should check the mailbox of the person who sent it. Follow the rabbit and see where it leads.
 

Resolve

Well-Known Member
Joined
Sep 20, 2012
Messages
201
> This is the most popular company scam at the moment and easy to perpetrate. It's just as easy to prevent though by a simple phone call and if changed, request a copy of the changed account on company letterhead.

Question is where is the person responsible for this. I doubt it is my incoming mail and rather their outgoing mail that's somehow being intercepted because the mail address they've always used is correct.
 

Kosmik

Honorary Master
Joined
Sep 21, 2007
Messages
25,652
> Question is where is the person responsible for this. I doubt it is my incoming mail and rather their outgoing mail that's somehow being intercepted because the mail address they've always used is correct.

Check the mail headers, not what it appears to be on the email. If the email actually came from them, they have an internal issue. If it was from someone else, can be many things including interception or someone going through rubbish. And there is also always the possibility of inside collusion.

Most companies would have asked you to send them the mail as an attachment as well so they can investigate the headers. Not forward, attached.
 

Resolve

Well-Known Member
Joined
Sep 20, 2012
Messages
201
> Check the mail headers, not what it appears to be on the email. If the email actually came from them, they have an internal issue. If it was from someone else, can be many things including interception or someone going through rubbish. And there is also always the possibility of inside collusion.
>
> Most companies would have asked you to send them the mail as an attachment as well so they can investigate the headers. Not forward, attached.

The company is now saying the problem is on my side.

Am I correct in saying the following.
If someone got access to my email, they can possibly delete the original email and then just send the fake one on to me BUT then I would be able to see it's not from the original sender?
 

Kosmik

Honorary Master
Joined
Sep 21, 2007
Messages
25,652
> The company is now saying the problem is on my side.
>
> Am I correct in saying the following.
> If someone got access to my email, they can possibly delete the original email and then just send the fake one on to me BUT then I would be able to see it's not from the original sender?

Bit broad but yes. Take an email that was sent prior that you trust and look at the header compared to the one you received. It's really easy to use a phish email, something like hello@company.com <scammer@x.com> does it. The first part is the visible address and the second the actual address. Most mail filters these days will warn you.
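
The header comparison described in the post above, as an added example that is not part of the thread: it checks a suspect message's sender headers against a message you already trust and flags a visible name that shows one address while the real sender is another. The addresses, sample headers and function names are constructed for illustration; in practice the raw text would come from the saved .eml files.

```python
import re
from email import message_from_string

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def split_addr(value):
    """Split a header into (visible text, actual address inside <...>)."""
    value = (value or "").strip()
    m = re.search(r"<([^<>]+)>\s*$", value)
    if m:
        return value[:m.start()].strip(' "'), m.group(1).strip().lower()
    return "", value.lower()

def domain(addr):
    return addr.rsplit("@", 1)[-1] if "@" in addr else ""

def sender_findings(suspect_raw, trusted_raw):
    """Compare sender headers of a suspect message with a known-good one."""
    s, t = message_from_string(suspect_raw), message_from_string(trusted_raw)
    shown, actual = split_addr(s.get("From"))
    trusted = split_addr(t.get("From"))[1]
    findings = []
    lure = ADDR_RE.search(shown)
    if lure and lure.group(0).lower() != actual:
        findings.append(f"visible name shows {lure.group(0)} but real sender is {actual}")
    if actual != trusted:
        findings.append(f"From address {actual} differs from trusted {trusted}")
    for header in ("Reply-To", "Return-Path"):
        addr = split_addr(s.get(header))[1]
        # Bulk-mail services can legitimately change Return-Path; treat a hit as a prompt to look closer.
        if addr and domain(addr) != domain(trusted):
            findings.append(f"{header} {addr} is outside {domain(trusted)}")
    return findings

# Constructed sample headers (not taken from the thread's actual messages).
TRUSTED = ("From: Accounts <hello@company.example>\n"
           "Return-Path: <hello@company.example>\n"
           "Subject: Invoice 1001\n\nbody\n")
SUSPECT = ("From: hello@company.example <scammer@x.example>\n"
           "Reply-To: scammer@x.example\n"
           "Return-Path: <bounce@x.example>\n"
           "Subject: Invoice 1002\n\nbody\n")

if __name__ == "__main__":
    for line in sender_findings(SUSPECT, TRUSTED):
        print(line)
```

An empty result only means the visible sender fields match the trusted message; changed bank details still need the phone confirmation recommended earlier in the thread.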
 