Hacker uses fake invoice to steal $53,000 earmarked for child care centre
Tuesday, 21 August 2018
A woman building a child care centre lost $53,700 after a computer hacker posed as a contractor and sent her a fake invoice.
Anna Ryder, of Lepperton in North Taranaki, had made the payment to her father, Paddy Bradford, who was paying suppliers and contractors from his own bank account.
Unbeknown to Ryder or her father, a hacker had intercepted an invoice the contractor had already sent to Bradford.
The hacker had then copied it, added a new Dunedin bank account number and emailed it back to Bradford.
Neither Ryder nor Bradford noticed that the supplier's email address, though not his name, had been slightly altered on the fake invoice.
Their suspicion was only raised when Bradford was asked to make two payments - $40,000, and $13,700 - in emails from the hacker, posing as the contractor.
Then, after the payments had been deposited, the real contractor began asking where the money was.
'The emails from the hacker sounded pushy and not from the contractor who we knew, and that raised our suspicions as well,' Ryder said.
Ryder said both the police in New Plymouth and Spark were investigating the incident but there was little chance of the money being recovered.
'Police told us the money would have been transferred offshore,' Ryder said.
'Somehow the hackers got into my father's email and were able to access emails from his inbox. Every email he was getting was being hacked.
'All dad saw was the fake invoice copy, and the contractor's name but not the address which had been changed.'
Ryder said forensic cleaning showed only her father's computer was hacked.
Her parents are now borrowing from their retirement savings to pay contractors and keep the construction of the child care centre on schedule.
'My parents have been amazing but it has been a very hard time for all our family.'
Ryder wanted to warn others of the invoice scam.
'It is really important to understand this can happen really easily to anyone…it is the perfect crime.'
Paddy Bradford called the hacking an 'intrusion of privacy.'
'It is so remote you can't track it like you can if you have a car stolen,' he said.
'The money had been hard earned over many years and then somebody can come and take it overnight,' Bradford's wife, Millie said.
'I'd like to catch the bugger who did it.'
A Spark spokeswoman said it had taken steps to secure the customer's email but could not easily identify the hacker, as they were operating off a Yahoo email that is unconnected to Spark.
'We are working with the customer to see if they can help identify any information that would give our email and security teams a starting point for investigations that might aid the police.'
Spark was only able to provide that kind of information directly to police where they had a warrant in place, she said.
Spark had not noticed a trend towards invoice fraud.
'Scammers are changing their tactics all the time, so we encourage people to be vigilant,' the spokeswoman said.
'People are at a higher risk of invoice fraud once a scammer has access to your email as this will give them information about your circumstances that makes it easier for them to trick you.
'It's therefore vitally important to keep your email secure.'
Regularly changing passwords, using different passwords for different sites, and checking mail forwarding and reply-to settings also helped avoid scams.
Netsafe director of education and engagement Sean Lyons said invoice scams had increased from 37 in the first six months of 2017 to 110 in the first six months of 2018.
The scam had cost businesses $865,000 in the first half of 2018, up from $159,000 in the same period in 2017, he said.
'In these types of invoice scams the money goes through several locations so that it is difficult to trace back to the scammers. So it's likely that the person who owns the account in Dunedin is unknowingly acting as a money mule,' he said.
'Once the payments have been made it is very unlikely that people are able to get their money back, which is why it's so important to be proactive and vigilant in protecting yourself online.'
Netsafe listed precautions to avoid similar scams.
These include:
- Looking out for invoices for goods or services that you didn't order, or a call from someone claiming to be your regular supplier.
- If you notice a supplier's usual bank account details have changed, call them to confirm that the invoice is legitimate.
- Make sure you call the supplier using the phone number you have on file, or look it up on their website or in the phone book.
- Don't call the telephone number on the email or invoice, as this will likely be the scammer's phone number.
- If you are making a large payment, double check with the source that you have the correct payment details.
- Always confirm that goods or services have been requested and received before paying an invoice, e.g. by using a purchase order number system or confirming with employees.
- Limit the number of people in your business who are authorised to make orders or pay invoices.
- Immediately cut contact with scammers who attempt to bully or intimidate you.
- If the bank account looks like it's an overseas bank account, or you have any suspicions about the payment details sent to you, investigate further.