Email PDF Bank Details Changed.

[Resolve]

Hi,

I recently received an invoice from a client. We are both using mweb email addresses.
The PDF(Invoice) I received had a different bank account number. Still Nedbank as before though.
(I double checked and it was still the same email address they usually use)
So ONLY the bank details on the invoice changed.

First suspect would be the person that does their invoicing?
Or maybe someone has access to that mail account and was able to change the details before it was received by my.

Any other ideas or suggestions to how I should continue?

 

[Suspect99]

Phone the client to confirm his banking details?

 

[Nobody Important]

If you want to be sure, ask for a bank-stamped letter confirming banking details. No reputable company will refuse and most have these on file.

 

[Recallza]

Definitely phone the client to confirm banking details. Lots of fraud is committed by intercepting an email.

 

[Resolve]

I did phone. Somewhere, somebody changed the bank details. They are still using the same account as always

 

[Kosmik]

This is the most popular company scam at the moment and easy to perpetrate. It's just as easy to prevent though by a simple phone call and if changed, request a copy of the changed account on company letterhead.

 

[Nobody Important]

I did phone. Somewhere, somebody changed the bank details. They are still using the same account as always

They should investigate on their side as well, as they too are being defrauded. Some customers will pay based on details on invoice.

They should check the mailbox of the person who sent it. Follow the rabbit and see where it leads.

 

[Resolve]

This is the most popular company scam at the moment and easy to perpetrate. It's just as easy to prevent though by a simple phone call and if changed, request a copy of the changed account on company letterhead.

Question is where is the person responsible for this. I doubt it is my incoming mail and rather their outgoing mail thats somehow being intercepted because the mail address they've always used is correct.

 

[Kosmik]

Question is where is the person responsible for this. I doubt it is my incoming mail and rather their outgoing mail thats somehow being intercepted because the mail address they've always used is correct.

Check the mail headers, not what it appears to be on the email. If the email actually came from them, they have a internal issue. If it was from someone else, can be many things including interception or someone going through rubbish. And there is also always the possibility of inside collusion.

Most companies would have asked you to send them the mail as a attachment as well so they can investigate the headers. Not forward, attached.

 

[Resolve]

Check the mail headers, not what it appears to be on the email. If the email actually came from them, they have a internal issue. If it was from someone else, can be many things including interception or someone going through rubbish. And there is also always the possibility of inside collusion.

Most companies would have asked you to send them the mail as a attachment as well so they can investigate the headers. Not forward, attached.

The company is now saying the problem is on my side.

Am I correct in saying the following.
If someone got access to my email, they can possibly delete the original email and then just send the fake one on to me BUT then I would be able to see its not from the original sender?

 

[Kosmik]

The company is now saying the problem is on my side.

Am I correct in saying the following.
If someone got access to my email, they can possibly delete the original email and then just send the fake one on to me BUT then I would be able to see its not from the original sender?

Bit broad but yes. Take a email that was sent prior that you trust and look at the header compared to the one you received. It's really easy to use a phish email, something like hello@company.com <scammer@x.com> does it. The first part is the visible address and the second the actual address. Most mail filters these days will warn you.