Hey guys,
First of all, things happen, I know. I'm moving forward, but thought I should share since apparently this is becoming much more prevalent and don't want anyone else getting robbed.
I work for a small company that contracts with much larger companies for consulting services. They invoice my work and then I get paid. Usually, the payments come in large lump sums. Well, someone hacked our system and sent my client a change of account form. My client didn't follow proper procedure and changed it without verification.
End result - they paid the hackers and I'm out $68K and change, and there is no insurance or digital trail to get it back. Now lawyers are involved, along with the FBI, but my chance of getting the money back is probably about 1%.
That said, I wanted to make everyone here aware of this issue. According to my friend who works in digital security, and our contacts with the FBI, this has become a huge problem. Hackers target small companies that make large transactions. Apparently title companies are a big target, and about 50% of companies that get hit go bankrupt within the next year. What they do is infiltrate your system and create a means of communicating as if they were you, while intercepting any return messages, so you will never know that they are in contact with someone as if they were you, unless you proactively call or do something else.
Last year, the NSA was hacked and the hackers stole code for many of the cyber weapons that the NSA was using to hack foreign governments and companies for info. So in the last year, hackers have been happily targeting US companies using our own technology, and basic anti-virus doesn't stand a chance.
Be extra vigilant guys. Keep an eye out for anything suspicious. Whether you are the one invoicing, or the one making large payments, be careful. They could just as easily target someone like a dealer who makes large payments to suppliers and get them to pay the wrong account.
Be careful out there guys
If the client didn't follow proper procedures to verify the change, why do you not think they are still liable for the payment?
Especially with such large transactions, a small debit/credit transaction should have been done to verify with you that the account was legit.
TOR on down sometime and have a look around.
If anything hackers steal $1 from a million people, no one notices.
Sounds like an inside job to me.....how well do you know your computer admin there???
Just yesterday we had an exec assistant receive an email from what looked like our CEO asking for her to process a wire transfer for 19k. We have processes in place that prevented it from happening, thankfully. But basically she did not follow her training and responded back saying she would get it set up. They sent her the wire instructions back. She tried to get the wire set up through our accounting group. That's where our internal procedures kicked in and it was determined it was a fraudulent request. Now mind you, if you just look at the reply address when she hits reply, it clearly switches from having come from our CEO to going back to whoever the fuck at a Comcast account. Plain as day, but she did not bother to check this. Second time she has been burned on this.
Anyways....
It's a huge problem for companies of all sizes.
But that's usually how it's done. We also get change of address requests constantly. Have to have a procedure in place to change any place where a check goes.
And it gets really tricky because a vendor we pay may have had their own email hacked and the change of request comes from a truly verified vendor account.
I could go on and on.....
The Shop
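The reply-address check described in the post above, as an added example that is not part of the original thread: it flags a message whose Reply-To domain differs from its From domain, or whose display name matches an executive while the address does not. All names and addresses are constructed, and `EXECUTIVES` is a hypothetical lookup table; the third sample is the compromised-vendor case from the same post, where the headers show nothing and only a call-back on a known number catches it.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical table: executive display name -> the address they really use.
EXECUTIVES = {"pat example": "pat.example@corp.example"}

def domain_of(address):
    """Return the lower-cased domain part of an address ('' if none)."""
    return address.rpartition("@")[2].lower()

def header_flags(raw_message):
    """Return a list of warning flags based only on From and Reply-To."""
    msg = message_from_string(raw_message)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    flags = []
    # Replies would leave the sender's domain: the cue the post describes.
    if reply_to and domain_of(reply_to) != domain_of(sender):
        flags.append("reply-to-domain-differs")
    # Display name is an executive's, but the address is not theirs.
    known = EXECUTIVES.get(name.strip().lower())
    if known and sender.lower() != known:
        flags.append("executive-name-wrong-address")
    return flags

# Constructed sample messages (not real mail).
SPOOFED_REPLY = (
    'From: "Pat Example" <pat.example@corp.example>\n'
    'Reply-To: "Pat Example" <pat.example@mailbox.example>\n'
    'Subject: Wire transfer today\n\nPlease process a wire.\n'
)
LOOKALIKE_NAME = (
    'From: "Pat Example" <ceo.office@mailbox.example>\n'
    'Subject: Wire transfer today\n\nPlease process a wire.\n'
)
COMPROMISED_VENDOR = (
    'From: "Vendor Billing" <billing@vendor.example>\n'
    'Subject: Change of account form\n\nNew bank details attached.\n'
)

if __name__ == "__main__":
    for label, raw in [("spoofed reply", SPOOFED_REPLY),
                       ("lookalike name", LOOKALIKE_NAME),
                       ("compromised vendor", COMPROMISED_VENDOR)]:
        print(label, "->", header_flags(raw) or "no header flags")
```
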
The thing complicating this is that I have a pretty good relationship with them, and don't want to burn any bridges from potential future work by dragging this into litigation. This is a small industry, and sometimes the best bet is the long one.
Ohio, I know, I'm suspicious too. Problem is I have zero evidence of anything malicious on our end, and whoever it was covered their tracks really damn well.
The college down the street just took a $1.9 million hit from the same scam! Money is GONE!
In the early days, security experts (young hackers) told Congress- "don't do this." Online commerce and transactions will never be safe. They were completely right. Everybody has been hacked, pretty much. (Equifax for me). It's a fucking disaster, all for convenience.
And now they want me to hand over the steering wheel to connected, autonomous cars. Yeeeah, right.
In my work I have to accept some electronic payments for govt jobs and do payroll taxes electronically. Other than that I do all invoicing, accounts payable and receivable with mailed checks. We avoid everything possible online.
I could go back to pay phones, pagers and fax machines tomorrow morning and not miss a beat.
Sorry to hear you got burned. At this point everyone is exposed I think. Just a matter of time.
About 10 years ago, I was informed by my mortgage holder that some rogue employee made off with 20,000 people's SSNs, mine included. They were happy to offer me a year of free credit monitoring, though.
Just going by what you said above, and assuming it's entirely accurate.
The company you work for owes you the $68k. You should not be the one to take that on the chin. It was their mistake.
Think of it this way. If they wrote a check for $68k and gave it to the wrong person. And that person then cashes the check and leaves the country, would they be off the hook from paying you what they owe? Absolutely not.
They owe you the $68k. Regardless of who they accidentally paid. They will have to sort that out. That's on them but you are entitled to every penny of the $68k from them.
Just passing it along....