A taxi driver was conned out of £23,700 – and all it took was a single email.
The 55-year-old was buying a house and paid for a lawyer to handle the contracts when he fell prey to a professional hacker.
Less than 24 hours after doing the deal, the dad-of-four got an email from the legal firm’s address, instructing him how to pay.
The man followed that instruction – and was later horrified to discover the solicitors’ email account had been hacked.
Our in-depth investigation into fraud in the region has uncovered that there have been 73 frauds like this in the north-east in the last year – and the victims were fleeced out of a total of £1,961,057.64.
More than £900,000 of that was swiped in May of this year.
And the problem is getting worse: In the previous 12-month period there were 68 incidents, when the takings totalled £1,213.552.07.
Police have now launched a campaign urging people to be on their guard – an initiative backed by the taxi driver.
The man, who has asked not to be named out of embarrassment, said he wants people to do all they can to avoid becoming the next victim.
“This experience has made me more aware. When it comes to a large sum of money you’ve got to be careful. Think twice – three times in fact. Don’t take things for granted thinking modern technology is quite safe,” said the man.
The married dad of four has worked as a cabbie for several decades and saved up enough to buy property with his wife, earning rental income.
That was a success, so he decided to do it again in 2018 – and found the perfect property.
After agreeing a price with the owner, he found a lawyer based in Aberdeen, who he has chosen not to name.
The man said: “The property was buy-to-rent, and I’ve done that before. I brought the lawyer in to finalise the deal. I had dealt with this lawyer before and everything was fine, and he’s still my lawyer.
“At one point I thought – who is going to hack the email of a lawyer? The company I went with showed me they had a strong, secure IT system but the people who hacked them are professionals.
“There was nothing the lawyers could do to stop it.”
Around three weeks after the man contacted the lawyer, he received an email, instructing him where to pay the £23,700 deposit for the property.
The man said the email came from his lawyer’s email address and the only thing out of place was that the name of the law firm ended in ‘trust’ rather than ‘law’.
He added: “It was the kind of thing designed to not raise suspicion to the average person at the time, but that would raise a red flag looking back.”
Explaining how the scam worked, the man said: “Fraudsters hacked my lawyers email, found previous emails between me and the lawyer and knew there was an opportunity to target me for money.
“Three days later my lawyer emailed me and said ‘I’m still waiting for the funds’.
“I said ‘what are you talking about? You emailed me and I paid you. We both panicked. My lawyer’s mind clicked and said ‘come to the office right now, there’s been a hack’.
“My wife was panicking as well. We’ve always done investments together and this has impacted on her just as much as me.
“I went straight to the bank but unfortunately it was too late to get the money back. We called the police.”
Incredibly, the fraudsters emailed the man a second time because they were having trouble transferring some of the funds they had stolen from him.
He said: “They emailed me and said ‘you need to go to your bank because we’re doing a financial audit’. They couldn’t get all the money and they wanted me to do another financial transaction.
“By that time, they had been found out, so it didn’t happen.”
Though the victim’s money was never recovered, the law firm paid all but £4,000 of the stolen funds back to him.
He said: “However, other people might not be so fortunate. Losing that money would have blown a hole in my finances. It could be other people’s life savings.”
“I am glad the police are warning people, because these fraudsters are clever.
“If I were doing this deal again, I would have phoned my lawyer personally and asked him to confirm the email was legitimate or visited him in person.
“I am glad the Evening Express is making people aware of this.
“I am speaking out about my experience so people will be careful when receiving business emails – always check.”
Detective Inspector Michael Smith,of Police Scotland whose Aberdeen base is at Queen Street, said the fraud often involve a company’s customer, like in the example of the taxi driver, or it can involve several businesses, where one buys the services of another and a hacker gains access to their email or phone system to change the invoice details.
Reacting to the latest figures that show 74 people have lost an average of £26,500 each in the region in the last 12 months, he added: “I was quite shocked when I saw those figures.
“There will be instances there where frauds have taken businesses down.”
Det Insp Smith said: “It can be really difficult to notice this kind of scam.
“The main tell-tale sign of this kind of fraud is when someone sends you an email creates a sense of urgency.
“They may contact you and say ‘I know I said you could pay at such a time, but I need it by noon’ or ‘just to let you know, we’re changing our bank details’.
“Sometimes, you can tell that these emails are badly written or don’t fit the patterns of emails you’ve had from that person previously.
“As far as businesses are concerned, when they are dealing with lots of money, they need to ensure their rules for interacting with email and the internet are robust.
“One of the main things is effective staff training. Companies should not encourage a blame culture and instead empower staff.
“For example, if a firm gets an invoice for £15,000, they should feel like there is no problem if they choose to call the other company to check ‘did you really send it?’.
“Staff need to be given the tools, the training and the confidence to protect their employers.
“I would definitely encourage customers to call or visit a business to verify that invoices are genuine.
“Anything you see that triggers you to think ‘something just isn’t quite right here’ – it is important to stay alert and question people.”
He added: “With smaller businesses, you may see an email that says ‘we’re having trouble with our bank, but you can pay in another currency’. That should be a red flag.”