A family-run building business was scammed out of $51,000 after their emails were hacked, tricking them into transfering money to a fake bank account.
Jane Fleming, who helps run the family business, subcontracted concreter Simon O’Donnell for a job in Montmorency in Melbourne’s northeast in May.
Mr O’Donnell sent Ms Fleming an invoice for $51,000 at 5pm on a Friday but Ms Fleming didn’t receive it until 7.30am the next day, during which time their emails were intercepted and manipulated.
South African hackers changed the payment details on the invoice to their own Commonwealth Bank account before forwarding the email to Ms Fleming.
Melbourne mother Jane Fleming (pictured), who helps run her family building business, attempted to pay subcontractor Simon O’Donnell $51,000 for his services in May – but their emails was intercepted and she unintentionally transferred it a hacker’s bank account
Ms Fleming had not contracted Mr O’Donnell for six months and just assumed he changed his details – thus not realising it was actually a hacker’s bank account.
The money was then withdrawn from an ATM in South Africa using the CBA account, which they likely created online with fake details.
Having not received the payment two days later, Mr O’Donnell called Ms Fleming’s husband to ask where the funds were, which is when both parties realised they had been scammed.
Ms Fleming and her husband were celebrating her son’s birthday when they found out the devastating news.
‘It was a horrible day. I just felt sick all day, just wondering where the 50 grand was,’ Ms Fleming told ABC News.
Meanwhile, Mr O’Donnell said he ‘felt completely helpless’ that his $51,000 payment had simply vanished into cyber-space.
Mr O’Donnell (pictured) said he ‘felt completely helpless’ that his $51,000 payment had simply vanished into cyber-space. He said the loss was another blow to his business during the Covid-19 pandemic
‘I’ve, from my angle, done nothing wrong. I finished a good job for someone, he was happy with the job, and I’m a lot of money out of pocket for six months, which during Covid hasn’t been ideal,’ he told the broadcaster.
Both Ms Fleming and Mr O’Donnell are now working frantically with Victoria Police and their banks to get the money back but it is unlikely they ever will since the funds have already been withdrawn in South Africa.
CBA shut down the fraudulent account but Ms Fleming said the bank is ‘making it really easy’ for foreign scammers to finesse Australian businesses.
‘I’d like this to be resolved by CBA acknowledging that they are negligent and allowing criminals from overseas to operate in Australia,’ she told the ABC.
Victoria Police is powerless to do anything as the money was withdrawn in South Africa, where it has no jurisdiction.
Ms Fleming also lodged a case against her own bank, Bendigo Bank, with the the Australian Financial Complaints Authority.
The AFCA is now investigating the matter and advised Australians to double check account details with their business partners to avoid being scammed.
A man withdraws money from a Commonwealth Bank ATM. Overseas hackers set up a CBA account online, received Mr O’Donnell’s fee and withdrew the funds from a South African ATM
Cyber-security experts believe Ms Fleming’s account was hacked and had malicious software installed, which allowed scammers to intercept, alter and redirect emails.
This method is known as a sophisticated business email compromise scam, which swindled $5.3 million from hard-working Australians in 2019 alone, according to Scamwatch.
Last year’s total was closer to $132 million when statistics from the big four banks and other government agencies is taken into account.
This year, Scamwatch has already received 1,099 reports of BEC scams totalling $3.7 million is losses for local businesses.
A CBA spokeswoman said ‘once we were made aware of what had happened we acted quickly to apply a block to the account which is now closed’.
‘While we have undertaken every action we can, unfortunately our efforts to recover the funds have been unsuccessful,’ she said.
‘We have informed the originating banks from where the payments were authorised of this.
‘In the meantime, we have provided what information we know about this case to the appropriate authorities and we will, of course, play our full part in any enquiries undertaken by them.
‘At CommBank, we actively monitor customer activity and may even hold first-time payments for up to 24 hours to help protect our customers from fraud and scam activity. We encourage customers to call us ASAP if they suspect a scam.’
Daily Mail Australia has contacted Bendigo Bank for comment.
A group of builders pour cement for a job. Ms Fleming had hired Mr O’Donnell for a concreting job in Montmorency in Melbourne’s northeast in May, which is why he required payment