There has been a lot in the news lately about e-mail hacking.
I have to admit that I didn’t really see why this would be an issue to ordinary users like me, who have nothing sensitive or incriminating in their emails. What would be the problem?
My biggest concern was that someone might hack into my account and send emails out as though they had come from me. This could be hugely embarrassing if they were offensive or pornographic, but anyone I communicate with regularly would know I would not send such material, and realise something was wrong.
But something happened to a friend of mine recently that completely changed my mind. I will tell you the story in case a similar thing happens to you.
My friend was having a new kitchen and bathroom installed by a local contractor. When the work had been completed, he received an invoice from the contractor in the post, together with the contractors bank details so that he could make an online payment.
My friend, who likes to pay bills very promptly, sent an email to the contractor saying that he was happy with the work, and that he would pay the invoice before the end of the week.
The next day my friend received a reply from the contractor’s email address, saying that the contractor had been forced to change his bank account at short notice because of online fraud. The email contained details of a new account to which payment should be made. Everything about this email looked authentic – it came from the contractor’s email address with the same logo as previous messages he had received, and written in the same style.
Fortunately my friend replied, saying that he would make the payment to the new account at the end of the week as arranged. Within an hour the contractor phoned him saying that he definitely had not changed his bank account, and had definitely not sent the email with the new account details. He said that his email account had been hacked once before, and that this must have happened again. The case was referred to the police (though I suspect the account will be untraceable), and my friend paid the contractor by cheque.
This could so easily have ended badly. There was nothing in the fraudulent email to make my friend suspicious, and it was so fortunate that he replied to it and alerted the contractor to the problem. Presumably this reply also alerted the hackers to the fact that their scam had been discovered, so they would cover their tracks. The invoice in question was for several thousand pounds – a significant sum of money – and if my friend had made the payment it would have been hassle for him, the contractor, and presumably the banks and the police, to sort this out.
I am a huge fan of online banking and electronic payments – I like using new technologies and love the convenience. I consider myself to be a responsible user who is aware of phishing and scams. But the story above shows how incredibly careful you need to be.
If ever you receive an email with details of a bank account change, always, always double check with the sender that it is authentic. It is better to be careful than to fall into a trap like the one described above.