How to prove you are NOT the hacked party?

raind33r

Expert Member
Joined
Oct 13, 2010
Messages
2,658
Scenario:
Person1 sent an email to person 2, via gmail, with 3 PDF attachments - proof of bank detail, I.D., proof of address.
Person 2 forwards this email to person 3.
Person 3 has to pay out an amount to the account number provided.

Somewhere along the line the email was intercepted and the PDF with bank account no. was altered.

Person 3 paid money as per the document they received, obviously the hacker account. Poof! money gone!

Person 3 is now blaming person1 (saying email was intercepted)
How does 1 prove that the email was not intercepted? It can just as well be at 2 or 3.

Are there companies that do this kind of investigation in S.A.?
 

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
25,512
Any bank details should have been sent with a signed email. This way you can guarantee that the mail was not altered. Without that your email is at risk anywhere along the route.

In the above, the email could have been altered by person 2 or 3, or by someone gaining access to person 2's or 3's account.
Which email provider is person 3 using?
 

raind33r

Expert Member
Joined
Oct 13, 2010
Messages
2,658
Google header shows... Received: from outgoing24.jnb.host-h.net 129.232.250.48
 

syntax

Executive Member
Joined
May 16, 2008
Messages
8,655
A forensic investigation company would be able to follow and prove where the intercept occurred.
This might not make a difference, depending on who is responsible for providing the correct details. Why was the email forwarded to person 2, and what is their responsibility?
 

raind33r

Expert Member
Joined
Oct 13, 2010
Messages
2,658
@syntax, this has to do with the payout of a deceased estate. Person no. 2 was the person identified to get all involved parties' details and forward them to the attorneys. Instead of everyone dealing individually with the attorneys, which in hindsight might have been better.

I guess a forensic investigation ain't cheap. Now have to weigh up whether the cost of such an investigation is worth it in relation to the money paid out.
I have a suspicion the attorneys were hacked, as they deal with this type of thing (large amounts of money from deceased estates) all the time, hence they would be a target.
Why would a random person (person 1 or 2) just forwarding something once be a target, how would the hacker even know about this person? Very unlikely.
 

MrGray

Executive Member
Joined
Aug 2, 2004
Messages
9,391
If you compare the PDFs from the sent folder of person 1 vs person 2 vs that in the inbox of person 3 it should be possible to establish if it was altered or not, and at which point?
 

RoganDawes

Expert Member
Joined
Apr 18, 2007
Messages
1,259
> If you compare the PDFs from the sent folder of person 1 vs person 2 vs that in the inbox of person 3 it should be possible to establish if it was altered or not, and at which point?

This is probably the easiest place to start.

But yes, I have seen several instances where attorneys' email accounts were hacked, and emails intercepted or redirected, resulting in account numbers being substituted.

When checking the sent emails, make sure that the recipient address is in fact correct. Often, these sorts of hacks are a result of "autocomplete poisoning", i.e. the attacker sends the victim an email that appears to be legitimately from a known correspondent (i.e. uses the same display name), but has a different source address. The victim responds to the sender, making that address the most recent autocomplete for the sender name. Next time the victim tries to send an email to the name, their email client autocompletes it from the most recent list, which is the incorrect address. Attacker then receives the email, modifies it appropriately, and forwards it on, potentially achieving a man in the middle position if they use their own address as the sender, or at the very least, faking the victim as the sender.
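
The comparison suggested above (sent folder of person 1 vs person 2 vs inbox of person 3) together with the recipient-address check, as an added example that is not part of any post in this thread. It assumes each party exports the message as a raw `.eml` file; the mailbox labels, addresses and PDF bytes are constructed, and `first_divergence` and `lookalike_recipients` are hypothetical helper names.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

def summarize(raw):
    """Recipients and SHA-256 of each decoded attachment in one exported .eml file."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Hash the decoded bytes, so a change of transfer encoding on forwarding is ignored.
    digests = {p.get_filename(): hashlib.sha256(p.get_payload(decode=True)).hexdigest()
               for p in msg.iter_attachments()}
    to = getaddresses([str(h) for h in msg.get_all("To", [])])
    return {"to": to, "attachments": digests}

def first_divergence(copies):
    """copies: (label, raw_eml) in delivery order. Returns the first (label, filename)
    whose attachment hash differs from the previous copy, or None if all match."""
    prev = None
    for label, raw in copies:
        cur = summarize(raw)["attachments"]
        for name, digest in cur.items():
            if prev is not None and name in prev and prev[name] != digest:
                return label, name
        prev = cur
    return None

def lookalike_recipients(raw, known):
    """known: display name -> expected address. Returns To entries that use a known
    display name with a different address (the autocomplete-poisoning symptom)."""
    return [(n, a) for n, a in summarize(raw)["to"]
            if n in known and a.lower() != known[n].lower()]

# --- constructed sample data (not from the thread) ---
def make_eml(sender, to, pdf):
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, to, "Documents"
    m.set_content("See attached.")
    m.add_attachment(pdf, maintype="application", subtype="pdf", filename="bank-details.pdf")
    return m.as_bytes()

GOOD, ALTERED = b"%PDF-1.4 account 111", b"%PDF-1.4 account 999"
CLERK = "Attorney Clerk <clerk@attorneys.example>"
COPIES = [
    ("person1-sent", make_eml("P1 <p1@mail.example>", "P2 <p2@mail.example>", GOOD)),
    ("person2-inbox", make_eml("P1 <p1@mail.example>", "P2 <p2@mail.example>", GOOD)),
    ("person2-sent", make_eml("P2 <p2@mail.example>", CLERK, GOOD)),
    ("person3-inbox", make_eml("P2 <p2@mail.example>", CLERK, ALTERED)),
]
KNOWN = {"Attorney Clerk": "clerk@attorneys.example"}
POISONED = make_eml("P2 <p2@mail.example>", "Attorney Clerk <clerk@att0rneys.example>", GOOD)

if __name__ == "__main__":
    print(first_divergence(COPIES))
    print(lookalike_recipients(POISONED, KNOWN))
```

A first mismatch at the last mailbox, with the previous sender's sent copy still matching, places the alteration between that send and that inbox; it does not by itself say whose account was compromised.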
 

syntax

Executive Member
Joined
May 16, 2008
Messages
8,655
> @syntax, this has to do with the payout of a deceased estate. Person no. 2 was the person identified to get all involved parties' details and forward them to the attorneys. Instead of everyone dealing individually with the attorneys, which in hindsight might have been better.
>
> I guess a forensic investigation ain't cheap. Now have to weigh up whether the cost of such an investigation is worth it in relation to the money paid out.
> I have a suspicion the attorneys were hacked, as they deal with this type of thing (large amounts of money from deceased estates) all the time, hence they would be a target.
> Why would a random person (person 1 or 2) just forwarding something once be a target, how would the hacker even know about this person? Very unlikely.

They don't have to be expensive, I would estimate around 10 - 15k.

It is more likely the attorneys were targeted, this is extremely popular at the moment.
 

raind33r

Expert Member
Joined
Oct 13, 2010
Messages
2,658
My thoughts exactly. But of course they will go in full denial mode.
Hence I'll need to prove it was not my side.
They even have this in their email footer...which leads me to believe this is not an isolated incident.

*
PLEASE NOTE, DUE TO INTERNET FRAUD AND HACKING:

WE WILL NEVER CHANGE OUR BANKING DETAILS VIA EMAIL. PLEASE IGNORE ANY ADVICES WITH REGARDS TO AMENDED BANKING DETAILS WHICH APPEAR TO COME FROM OUR OFFICES. SHOULD YOU HAVE ANY QUERIES, PLEASE CONTACT OUR OFFICES AND SPEAK DIRECTLY TO THE PERSON CONCERNED BEFORE MAKING ANY PAYMENT(S). SHOULD YOU MAKE PAYMENT BASED ON A FRAUDULENT EMAIL, OUR OFFICES CANNOT BE HELD RESPONSIBLE FOR ANY LOSSES INCURRED. WE WILL ALSO NOT MAKE PAYMENT INTO ANY ACCOUNT OF WHICH DETAILS HAVE BEEN SENT TO US VIA EMAIL WITHOUT PROPER VERIFICATION. ONLY ORIGINAL INSTRUCTIONS TO PAY (SUPPORTED BY A BANK STATEMENT OR CANCELLED CHEQUE) WILL BE ACCEPTED.
*
 

raind33r

Expert Member
Joined
Oct 13, 2010
Messages
2,658
I think I might have a case according to their own statement "WE WILL ALSO NOT MAKE PAYMENT INTO ANY ACCOUNT OF WHICH DETAILS HAVE BEEN SENT TO US VIA EMAIL WITHOUT PROPER VERIFICATION."

How was proper verification done?
Neither person 1 nor the intended recipient was ever contacted.
 

PPLdude

Expert Member
Joined
Oct 3, 2011
Messages
1,618
Any suspicious details in the headers? Maybe try to collect 1 -> 2 (if you're #3) or 2 -> 3 (if you're #1).
 

Venomous

Honorary Master
Joined
Oct 6, 2010
Messages
54,768
> Scenario:
> Person1 sent an email to person 2, via gmail, with 3 PDF attachments - proof of bank detail, I.D., proof of address.
> Person 2 forwards this email to person 3.
> Person 3 has to pay out an amount to the account number provided.
>
> Somewhere along the line the email was intercepted and the PDF with bank account no. was altered.
>
> Person 3 paid money as per the document they received, obviously the hacker account. Poof! money gone!
>
> Person 3 is now blaming person1 (saying email was intercepted)
> How does 1 prove that the email was not intercepted? It can just as well be at 2 or 3.
>
> Are there companies that do this kind of investigation in S.A.?

We recently bought a house.

Both the bond and transfer attorneys insisted that they will only provide their initial invoice and banking details to us in person at their premises.

They did later on email a final statement. However, that and the first invoice had big letters saying that we needed to ensure we pay to the details as we were given at their offices.

Person 2's email password might be compromised. BUT it could also be person 3's email password.

If email 3 is compromised then scammers log into web interface. DL docs. Then spoof email 2(email 2 password is NOT REQUIRED for spoofing) and email person 3 the altered docs.


(google search how to email using an alias)
 

access

Honorary Master
Joined
Mar 17, 2009
Messages
13,703
and if you compare sent and received attachments of the persons, where do the banking details differ
 

raind33r

Expert Member
Joined
Oct 13, 2010
Messages
2,658
> and if you compare sent and received attachments of the persons, where do the banking details differ

Not gonna be that easy to obtain that. Don't think the other parties are that tech savvy to get the headers. Lawyers already trying to shift blame. So don't really know how to proceed here without it costing an arm and a leg and a kidney.
 

access

Honorary Master
Joined
Mar 17, 2009
Messages
13,703
> Not gonna be that easy to obtain that. Don't think the other parties are that tech savvy to get the headers. Lawyers already trying to shift blame. So don't really know how to proceed here without it costing an arm and a leg and a kidney.

just read what it says in the pdf attachments first.

you said the banking details in the pdf attachment were altered, so where do they first appear altered? someone's inbox or someone's sent items?
 

RoganDawes

Expert Member
Joined
Apr 18, 2007
Messages
1,259
> Not gonna be that easy to obtain that. Don't think the other parties are that tech savvy to get the headers. Lawyers already trying to shift blame. So don't really know how to proceed here without it costing an arm and a leg and a kidney.

How much money are we talking about here? Is R20k going to eat the entire inheritance?

Are the various parties willing to engage in discovering who is responsible, or at least, where/how the emails were tampered with?

What location are we talking about? If they are all physically close to each other, find a fairly techie person to go to each one and get the mail headers and attachments for each mail in question. Detailed investigation can then be done to identify discrepancies.
 

raind33r

Expert Member
Joined
Oct 13, 2010
Messages
2,658
> How much money are we talking about here? Is R20k going to eat the entire inheritance?
>
> Are the various parties willing to engage in discovering who is responsible, or at least, where/how the emails were tampered with?
>
> What location are we talking about? If they are all physically close to each other, find a fairly techie person to go to each one and get the mail headers and attachments for each mail in question. Detailed investigation can then be done to identify discrepancies.

50k

I'm 1 of the 3 parties, I'm sure I can convince another as it's family, no.3 might be an issue (lawyers)

2 Towns in WCAPE
1 suburb in Johburg
 