Tradies frustrated by banks as business email scam costs them $51,000

As Jane Fleming lit the candles on her son’s birthday cake, she was preoccupied with a substantial sum of missing money — $51,000 to be precise.

“It was a horrible day. I just felt sick all day, just wondering where the 50 grand was,” she said.

It was on her son’s ninth birthday that she realised she’d transferred that amount into a scammer’s bank account.

Jane helps run the family building business, and in May she was arranging to pay $51,000 to a subcontractor.

“I thought it’s a huge [invoice]. I’ll break it up into two payments until we’ve got more funds to pay for the whole invoice,” she said.

She’d worked with concreter Simon O’Donnell for almost a decade, making countless payments to him in that time.

But a couple of days after Jane transferred the funds, Simon called her husband, asking where his money was.

Simon O’Donnell is frustrated the scammers were able to set up an Australian bank account and send the money overseas.(ABC News: Amy Bainbridge)

“I had my bank account on my computer screen right in front of me and there was no money there,” Simon said.

“His wife said in the background something to the effect of, ‘I’ve paid Simon, he was the one that changed his bank details.’

“Then the penny dropped.”

Simon realised he’d been scammed.

He said such a substantial loss of money was a kick in the guts in an already difficult period.

“I’ve, from my angle, done nothing wrong. I finished a good job for someone, he was happy with the job, and I’m a lot of money out of pocket for six months, which during COVID hasn’t been ideal.”

But the money was gone — and so began Simon and Jane’s efforts to get it back.

Spot the difference

When Jane received the $51,000 invoice from Simon, she did notice his bank account had changed and updated his details before transferring the money.

“We hadn’t used Simon for six months so I thought he’s possibly changed it over that period of time,” Jane said.

The email itself didn’t seem unusual and it showed clear details of the job that’d been completed.

An email detailing the concrete job Simon O'Donnell completed.
The email Jane Fleming received from Simon showed a knowledge of the job and didn’t set off any alarm bells.(ABC News)

But after looking at the email Simon sent, and the one Jane received, it was clear something was off.

Simon’s outbox shows he sent the invoice to Jane at 4:56pm on a Friday — but it didn’t appear in her inbox until 7:30am on the Saturday.

According to associate dean for computing and security at Edith Cowan University, associate professor Paul Haskell-Dowland, someone had gained access to either Simon or Jane’s computer, and was waiting for an opportunity like this.

Dr Haskell-Dowland believes hackers gained remote access by hacking the builder’s website and surreptitiously redirecting visitors to another site which installed malicious software.

Associate Professor Paul Haskell-Dowland stands in front of screens showing cyber criminal activity around the world.
Cyber crime expert Paul Haskell-Dowland believes the scammers altered emails by accessing one of the computers using malware.(ABC News: Andrew Willesee)

“So potentially having direct access to the computers and monitoring them, perhaps keeping an eye on them for a while, getting a feel for the kind of invoices that are being sent that way,” he said.

“It’s that control that has allowed the attackers to manipulate and modify emails between the two parties in this particular case.”

He said the hackers may have had access to the computer for months, or even longer — and a late-afternoon invoice was a prime target.

“An end-of-day invoice coming through where they know that the receiving company isn’t going to look at their email … that opens up an opportunity and it gives them time to analyse the email, to examine the [attached invoice],” he said.

An invoice which details a concreting job.
The invoice Jane received looked exactly the same as the one Simon sent, except the bank account was different.(ABC News)

Dr Haskell-Dowland examined the fraudulent invoice and said the alterations could only have been made by a person.

“The email would have been intercepted potentially via automated means and would have then been modified by human means,” he said.

Scammers stealing millions from businesses

Jane and Simon fell victim to a sophisticated business email compromise (BEC) scam.

“I didn’t know that an invoice could be intercepted between a supplier and ourselves and altered,” Jane said.

Simon O'Donnell watches over a man holding a hose.
The timing of the scam could not have come at a worse time as work slowed down during COVID-19.(ABC News: Patrick Stone)

Last year, Scamwatch said BEC scams netted $5.3 million across Australia.

But when those losses were combined with data from other government agencies and the big four banks, a total of $132 million was recorded.

So far this year, Scamwatch has received 1,099 reports of business email compromise scams worth $3.7 million in losses.

Small Business Ombudsman Kate Carnell said the average amount businesses lost was $10,000 per transaction.

Small business ombudsman Kate Carnell sits at a computer in her office.
Small Business Ombudsman Kate Carnell says the COVID-19 pandemic has made cyber crime easier, with more people working from home.(ABC News: Ian Cutmore)

“Just recently, a survey was done of nearly 2,000 small businesses and 62 per cent of them had been hit by some level of cybersecurity breach, and this one, the invoice interception is now one of the most common,” Ms Carnell said.

“What we’re seeing is a significant increase and some of that increase we think is because people are working from home with less secure systems.”

Who’s behind the keyboard?

Tracking who was behind the scam that cost Simon and Jane is much more difficult than figuring out how it was done.

Jane and Simon both had their computers examined for signs of malware and came up with nothing.

“It is quite possible that the malware has been removed by the attackers because the attack has been successful,” Dr Haskell-Dowland said.

Despite Simon’s email address appearing as the sender of both the fraudulent $51,000 invoice and a lesser $804 invoice, metadata shows each invoice was actually sent by a different email address.

The ABC tracked down the person who owned one of the addresses to find out he too had been hacked.

The scammers had used his email to target others and managed to successfully scam a Canberra builder out of $20,000.

Police almost powerless

Victoria Police is investigating what occurred with Simon and Jane, but justice is far from assured.

The site associated with the hack of the builder’s website is based in Singapore, which puts it out of state police’s reach.

Police also believe the scammers have withdrawn money from an ATM in South Africa, further hampering the investigation.

Simon sits at his computer with one hand on the mouse.
Simon O’Donnell was looking at his online bank balance and could see the money had not been deposited.(ABC News: Amy Bainbridge)

Local police officer, Detective Leading Senior Constable David Morrison, is now trying to figure out who’s behind the web of Australian bank accounts used to funnel the money overseas.

“Unfortunately at this stage, I have not been able to identify the account holder of the offending account, and it is possible the account was opened online under a false name and address,” he told the ABC in a statement.

He said he had contacted multiple banks involved in a bid to trace the money.

“I have received some information as to the account holder’s details … however I am yet to receive information regarding the movement of the monies,” Leading Senior Constable Morrison said.

“Attempts are still being made to identify the account holder/s of the relevant accounts, however again, it is fairly probable that these accounts were opened under false names.”

In separate correspondence with Victoria Police, Jane was told: “Any further investigation is unlikely to result in a successful prosecution of the party responsible.”

“The reason is Victoria Police has no jurisdiction in South Africa and Interpol will only investigate fraud matter in excess of $1,000,000 loss,” it said in an email.

Leading Senior Constable Morrison said the matter would likely be passed on to the Australian Federal Police (AFP).

But the priority of the AFP is to “investigate cybercrime threats against Commonwealth Government departments, critical infrastructure and information systems of national significance” — meaning Jane and Simon’s case may come to a dead end.

What are the banks doing?

As cyber specialist Dr Haskell-Dowland picked through the trail of foreign servers and hacked emails, he questioned what Australian banks were doing to stop this type of crime.

“In terms of how to improve the situation, certainly the banks would be the [place to start],” he said.

Banks have a legal obligation to verify the information used to set up bank accounts.

But according to Victoria Police, it appears the Commonwealth Bank account which Jane deposited the money into was likely set up online using a false name and address.

Dr Haskell-Dowland said that could be prevented by strict “in-person identity checks, removing the opportunity for people to do this electronically, without undertaking some form of formal verification”.

Jane said she’d been “going in circles” trying to get help from the banks and regulators.

Jane Fleming sits on steps inside her house.
Jane Fleming said no-one has been able to help her or Simon navigate the problem.(ABC News: Loretta Florance)

“CBA said they weren’t negligent and then AFCA (Australian Financial Complaints Authority) said we’re not in the jurisdiction because we’re not customers of CBA,” Jane said.

“Then they said to contact ASIC, who pointed us back towards AFCA.”

Jane has since received an email from the CBA declining her request for a refund, telling her she’d need “to approach your financial institution (Bendigo Bank) and lodge a claim for these funds”.

“I’d like this to be resolved by CBA acknowledging that they are negligent and allowing criminals from overseas to operate in Australia,” she said.

“It sounds like anyone can open a bank account with any name and then I can put money into that account in another business name and there are no alarm bells going off.”

The Commonwealth Bank said it acted quickly to block the account, which is now closed, as well as providing information to authorities.

“Despite the commitment and best efforts of regulators, law enforcement agencies and the banking industry, such frauds and scams sadly still occur,” the bank said in a statement.

“It is widely recognised that scams are becoming increasingly sophisticated which has prompted increased investment across the sector in resources, systems, data and intelligence to combat fraud and alert the Australian public to the risks the community faces.”

Jane lodged an AFCA complaint to the Bendigo Bank in the hope of a resolution.

In response, the bank said it tried to recover the money as soon as it was made aware of the situation.

“The correct procedures were followed to notify the other financial institution (Commonwealth Bank) and to request a recall of the funds,” the bank said.

“Because of the time delay between the funds being sent and notifying Bendigo Bank of the fraud, the likelihood of recovery for any other financial institution would be very low.”

The bank advised that those efforts were ultimately unsuccessful.

The ABC asked the Bendigo Bank about Jane’s case, but it declined to comment while the matter was still before AFCA.

Double-check your invoices

The Australian Financial Complaints Authority said it was working with industry and other stakeholders to try to minimise invoice hacking scams.

“To avoid falling victim to invoice hacking scams, consumers should call the supplier to confirm the correct account details before transferring large amounts of money, especially if they have received an email from the supplier saying their account details have changed,” AFCA lead ombudsman banking and finance, Evelyn Halls, said in a statement.

Jane stands at a drafter's table and looks at building plans.
Jane Fleming now calls contractors before paying invoices.(ABC News: Loretta Florance)

It’s advice both Jane and Simon can’t endorse strongly enough.

The concreter now sends a text with every invoice he sends, while Jane calls the sender to check details before paying.

“Just any invoice that you get, check if it’s a new [account] with a new BSB and account number, just call your supplier and confirm that that is their details,” Jane said.

Source link

Why tradies are hiring their utes in 2020

If 2020 has taught
us one thing, it is that carrying debt in a small business can leave you
exposed and at your bank’s mercy when there is a major economic downturn.

In the wake of the
Banking Royal Commission, traditional financing methods have become difficult
for small trade business owners to explore. Lengthy application processes,
strict credit history review guidelines and tough approval criteria are now the
new norm.

Traditional methods,
like finance and leasing your trade business fleet are becoming less and less
attractive for tradies.


Since the royal
commission, banks have tightened the lending criteria significantly for
borrowers, particularly businesses. Car dealerships are recording finance
application rates sky-rocketing north of 30 per cent.

Loans are being strictly tested for suitability. When it comes to your business the banks are assessing your suitability based on “serviceability”, which in essence means profitability. So, if you are a new business starter or your trying to scale your business up and your margins are tight, getting loans or leases is going to be a tough task.

So, why are tradies
switching to renting their utes?

No debt obligations

Hiring your ute
means you can get wheels on the ground without a stressful debt carried over
your business which, ultimately if you are the director the debt is in your
name. When you consider debt, you must think about a few things, most notably,
the interest rate.

The cost of
borrowing money in 2020 is far better than it was when our parents borrowed
money years ago. However, that is if you qualify for a low interest loan, which
is fast becoming rarity. More and more people are having to opt for
high-interest finance agreements which is not ideal particularly for start-up


Depreciation is
quickly discussed, easily forgotten factor when it comes to asset purchases. The

reality is that depreciation costs are real. How it is recorded when it comes
to your books, can be left to a discussion with your accountant. What Tradies
really need to consider is what will your ute be worth when you go to sell it.

A ute such as a
Toyota Hilux will depreciate at roughly 16 per cent to 20 per cent of its value
every year. A commercial vehicle that may suffer from more wear and tear than
usual being close to jobsites means that the vehicle could depreciate at a
quicker rate than usual.

When it comes to
hiring a ute, you carry none of the burden of depreciation on the vehicle
because you do not own it. At the end of the rental period you hand the ute
back and roll over to a new contract.

Length flexibility

Financing or leasing
a ute leaves no flexibility for payments over the life of the loan. You are
subject to the payments terms of the agreement and can face harsh penalties if
you miss a payment. On a five-year agreement that is 60 monthly payments that
you cannot miss.

You carry around your credit history for life and your trade business is no different. Even something as little as a finance application rejection leaves a mark on your credit history which can hinder your future credit score.

Hiring a ute allows
you to discuss payment terms with the rental company as well as take a short-term
contract which gives you the freedom to renew or return the vehicle over short
periods like three to 12 months.

If you are growing
your business and bringing on an employee, that employee will likely work
through a probation period. A shorter contract is a great alternative to a
three to five-year lease or finance agreement on a ute that can just be
returned if that employee decides to leave.

Tim Cullen Co-Founder and Director,

Source link

Emails reveal how Hobart’s Crowne Plaza imported tradies amid lockdown ahead of grand opening

The head of Tasmania’s powerful hospitality body spoke directly with one of the Premier’s advisers the day the state’s borders closed with an “urgent” request to allow interstate tradies to avoid quarantine so they could finish a multi-million-dollar Hobart hotel.

Tasmanian Hospitality Association (THA) head Steve Old told attendees of Crowne Plaza’s grand opening on July 1 his contact book had helped ensure the 235-room development could open its doors on time.

Documents released under Right to Information (RTI) laws reveal Mr Old was in contact with Premier Peter Gutwein’s principal economic adviser Tony Mayell requesting help the same day the closure of the state’s borders was announced.

“As discussed … [redacted] has fly in, fly out tradies working on Crowne Plaza,” the email read.

“She needs an email stating they are OK to come back and work next week. Urgent :)”

Mr Mayell responded within an hour that he was “confident that the query re FIFOs is going to be answered the way you want”.

Later that evening, Mr Mayell told Mr Old that no-one could allow workers into the state until the department had finalised its entry criteria.

He goes on to explain that the head of the Department of Primary Industries, Parks, Water and Environment Tim Baker would be authorised to allow essential workers in, based on the criteria.

“I intend having a conversation with him [Mr Baker] as soon as the criteria are signed off,” the documents show.

To which Mr Old offered: “Let me know Tony if you need me to speak to Tim Baker.”

By 10:13pm that night Mr Mayell emailed Mr Old:

The ABC asked the State Government whether Mr Old and Kalis Group had received favourable treatment to which a spokesman said: “No.”

Premier Peter Gutwein with Kalis Group CEO Alexia Kalis and Tasmanian Hospitality Association’s Steve Old at the hotel’s opening.(Crowne Plaza/Rosie Hastie)

Tasmania was the first state to enforce a hard border lockdown as coronavirus gripped the nation.

The essential traveller program has attracted public scrutiny as some applications to attend funerals or visit sick friends and relatives were rejected.

Mr Baker was charged with signing off on exemptions in the first weeks of the pandemic, but it later fell to State Controller Darren Hine with the support of staff from Biosecurity Tasmania.

State Growth became involved in the process about a month ago as criticism grew over who was and was not allowed into the state.

The emails reveal at least one recommendation to reject an application for essential traveller status was overturned by a more senior staff member.

The ABC sought responses from the parties named in the RTI documents.

In a statement to the ABC, a spokeswoman for the THA said the body was supportive of restrictions on interstate travel and the “thorough” essential traveller process.

“At no stage has any representative of the Tasmanian Hospitality Association attempted to seek special treatment in this process, nor has any special consideration been given by the Department of Primary Industries, Parks, Water and Environment,” the spokeswoman said.

“The THA is of the understanding that all applications from personnel linked to the Crowne Plaza Hotel construction and sign off were subject to the same thorough and proper assessment processes as all other Essential Traveller exemption applications.”

A State Government spokesman said: “All decisions associated with essential travellers are made independently and at arm’s length from the Government by the State Controller and DPIPWE.”

Combined, the THA and Crowne Plaza’s owner, Kalis Group, donated more than $300,000 to the Tasmanian Liberals ahead of the 2018 state election.

Premier Peter Gutwein has derided previous reporting of the Crowne Plaza exemptions as an offensive “witch hunt”.

The emails also reveal Kalis Group requested help from the Premier’s staff on how to “quieten the noise” from the Construction, Forestry, Maritime, Mining and Energy Union (CFMEU) on interstate tradies working on the Crowne Plaza site.

On April 23, chief executive Alexia Kalis wrote to Mr Mayell to ask whether all interstate workers on the site could be tested for coronavirus so “this might all go away”.

“They are due to arrive on Monday [and] currently the union is threatening to walk off site which will obviously cause more attention,” she wrote.

On April 27 she added: “Tony this is getting really damaging in an environment that we have already had to let over 110 staff go at the Crowne Plaza, at this stage we are not eligible for JobKeeper as we have no turnover and we have all our costs monthly that are already creating great stress.”

The emails were shared among the Premier’s most senior advisers for guidance.

A government spokesman said it was usual practice for government advisers to discuss “a range of matters” with stakeholders.

“[This is] to ensure they have accurate information, especially during the initial phases of the COVID-19 emergency where the situation was changing on a daily basis,” the spokesman said.

The CFMEU ultimately held press conferences with MPs from the Labor opposition speaking against exemptions granted to interstate workers.

Crowne Plaza, which had attracted more than $1 million in bookings before it opened its doors, was not the only Tasmanian development that sought interstate assistance during the state’s lockdown.

A separate email thread in July revealed the bulk of approved specialist worker applications related to “large building projects”, including:

  • The Royal Hobart Hospital
  • A refurbishment at Coles New Town
  • The Granville Harbour Wind Farm
  • Macquarie Point
  • Parliament Square

A separate Right to Information request released to Labor earlier this year showed the occupations granted exemptions to travel restrictions included engineering professionals, a judge, pilots, plumbers and skilled agricultural workers.

Almost 100 of the approved specialist skills exemptions were granted to “specialist technicians”.

Source link