How I lost £66,000 to scammers

To be fair, Malcolm, we don’t know when this happened. It may well have taken place some years ago and before the scam was well known.

But I find I’m increasingly thinking along the same lines as Alfa when she queried the surprisingly high number of builders to whom this seems to happen. And the dereliction of duty on the part of the Police.

No, that thought had occurred to me Ian. However, I then wondered why Which? continue to publicise it in this way when action is in hand?

I’d like Which? to get input from Action Fraud and the police to explain if they have difficulty in dealing with these crimes and why they are not more helpful.

“The Metropolitan Police says it is “doing all it can” to bring thieves to justice after figures suggested less than five per cent of burglaries and robberies across the country are being solved.“. That’s not reassuring either.

Looks like this happened September 2016.
https://www.telegraph.co.uk/personal-banking/savings/police-investigated-66000-fraud-loss-told-nationwides-procedures/

Looks like it, thanks alfa. Why publicise a three year old scam now, in a “new” convo, and without dating it?

There have been quite a few commenters who don’t agree with the stance Which? is taking, so they are probably trying to prove all victims should be reimbursed.

In this case, I think it should have been down to the builders to retrieve the money that was paid to them in good faith.

What is strange in the report, is the builder saying he hadn’t received the payment. If the email requesting payment came from a hacker, how did the builder know about it?

I wonder if the Police have ever investigated the ‘hacked’ builders?

I did exactly this when I had some building work undertaken. I transferred £1 to confirm I had the correct bank details. I had a good laugh with the builders about this but a few weeks later another customer fell fowl of this type of scam. I do not accept that the banks are at fault. It’s about time people took more responsibility for their own actions.

How do you allow your email account to be hacked? Inadequate security software?

There are quite a few of these stories on the internet.

I quite agree with you NFH, if builders accounts have been hacked then it is has to be due to their negligence. But in nearly all cases, builders still demand full payment for the work they have carried out. Customers are getting the blame for not checking who they were paying and end up paying twice.

I would also like to know how they supposedly get hacked.

I too am wondering how easy it might be to hack some builders’ email accounts.

One possible line of attack (or “attack vector” as some of the techno babble might say) would be to set up some website for the interests of builders. For example, one could set up some sort of forum for sharing experience and advice. Perhaps it would be caller “Builders’ Conversation” or something like that. To access the site, users would be asked to login with an email address and password. Then, if any users also used their email password for the site, the site owners would now have both their email and their email password.

Another way of getting such personal data might be via the dark web, where stolen data, e.g. from hacked retailers, may be traded between hackers and other criminals.

A third possibly might be “insider threats”. In general, I doubt that small or medium building firms will have any inherent immunity from such threats.

There are plenty of ways to hack someone’s e-mail account or any other type of account with password-only authentication. One of the most common is to trick the victim into installing malicious software, comprising a keystroke logger, on to their PC, for example by sending them a link by e-mail. Once the software is installed, this gives the hacker a log of every keystroke, including passwords.

I’m guessing that builders are particularly targetted as victims, given that they receive a lot of large incoming bank transfers and are often not good with technology.