Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.
Home P&J Investigations

Aberdeen taxi driver’s bank account wiped out by single email

By Dale Haslam
Post Thumbnail

A taxi driver was conned out of £23,700 – and all it took was a single email.

The 55-year-old was buying a house and paid for a lawyer to handle the contracts when he fell prey to a professional hacker.

Less than 24 hours after doing the deal, the dad-of-four got an email from the legal firm’s address, instructing him how to pay.

The man followed that instruction – and was later horrified to discover the solicitors’ email account had been hacked.

Our in-depth investigation into fraud in the region has uncovered that there have been 73 frauds like this in the north-east in the last year – and the victims were fleeced out of a total of £1,961,057.64.

More than £900,000 of that was swiped in May of this year.

And the problem is getting worse: In the previous 12-month period there were 68 incidents, when the takings totalled £1,213.552.07.

Police have now launched a campaign urging people to be on their guard – an initiative backed by the taxi driver.

The man, who has asked not to be named out of embarrassment, said he wants people to do all they can to avoid becoming the next victim.

“This experience has made me more aware. When it comes to a large sum of money you’ve got to be careful. Think twice – three times in fact. Don’t take things for granted thinking modern technology is quite safe,” said the man.

The married dad of four has worked as a cabbie for several decades and saved up enough to buy property with his wife, earning rental income.

That was a success, so he decided to do it again in 2018 – and found the perfect property.

After agreeing a price with the owner, he found a lawyer based in Aberdeen, who he has chosen not to name.

The man said: “The property was buy-to-rent, and I’ve done that before. I brought the lawyer in to finalise the deal. I had dealt with this lawyer before and everything was fine, and he’s still my lawyer.

“At one point I thought – who is going to hack the email of a lawyer? The company I went with showed me they had a strong, secure IT system but the people who hacked them are professionals.

“There was nothing the lawyers could do to stop it.”

A professional hacker got access to his lawyer’s email account

Around three weeks after the man contacted the lawyer, he received an email, instructing him where to pay the £23,700 deposit for the property.

The man said the email came from his lawyer’s email address and the only thing out of place was that the name of the law firm ended in ‘trust’ rather than ‘law’.

He added: “It was the kind of thing designed to not raise suspicion to the average person at the time, but that would raise a red flag looking back.”

Explaining how the scam worked, the man said: “Fraudsters hacked my lawyers email, found previous emails between me and the lawyer and knew there was an opportunity to target me for money.

“Three days later my lawyer emailed me and said ‘I’m still waiting for the funds’.

“I said ‘what are you talking about? You emailed me and I paid you. We both panicked. My lawyer’s mind clicked and said ‘come to the office right now, there’s been a hack’.

“My wife was panicking as well. We’ve always done investments together and this has impacted on her just as much as me.

“I went straight to the bank but unfortunately it was too late to get the money back. We called the police.”

Incredibly, the fraudsters emailed the man a second time because they were having trouble transferring some of the funds they had stolen from him.

He said: “They emailed me and said ‘you need to go to your bank because we’re doing a financial audit’. They couldn’t get all the money and they wanted me to do another financial transaction.

“By that time, they had been found out, so it didn’t happen.”

Though the victim’s money was never recovered, the law firm paid all but £4,000 of the stolen funds back to him.

He said: “However, other people might not be so fortunate. Losing that money would have blown a hole in my finances. It could be other people’s life savings.”

“I am glad the police are warning people, because these fraudsters are clever.

“If I were doing this deal again, I would have phoned my lawyer personally and asked him to confirm the email was legitimate or visited him in person.

“I am glad the Evening Express is making people aware of this.

“I am speaking out about my experience so people will be careful when receiving business emails – always check.”

Detective Inspector Michael Smith,of Police Scotland whose Aberdeen base is at Queen Street, said the fraud often involve a company’s customer, like in the example of the taxi driver, or it can involve several businesses, where one buys the services of another and a hacker gains access to their email or phone system to change the invoice details.

Queen Street Police Headquarters

Reacting to the latest figures that show 74 people have lost an average of £26,500 each in the region in the last 12 months, he added: “I was quite shocked when I saw those figures.

“There will be instances there where frauds have taken businesses down.”

Det Insp Smith said: “It can be really difficult to notice this kind of scam.

“The main tell-tale sign of this kind of fraud is when someone sends you an email creates a sense of urgency.

“They may contact you and say ‘I know I said you could pay at such a time, but I need it by noon’ or ‘just to let you know, we’re changing our bank details’.

“Sometimes, you can tell that these emails are badly written or don’t fit the patterns of emails you’ve had from that person previously.

“As far as businesses are concerned, when they are dealing with lots of money, they need to ensure their rules for interacting with email and the internet are robust.

“One of the main things is effective staff training. Companies should not encourage a blame culture and instead empower staff.

“For example, if a firm gets an invoice for £15,000, they should feel like there is no problem if they choose to call the other company to check ‘did you really send it?’.

“Staff need to be given the tools, the training and the confidence to protect their employers.

“I would definitely encourage customers to call or visit a business to verify that invoices are genuine.

“Anything you see that triggers you to think ‘something just isn’t quite right here’ – it is important to stay alert and question people.”

He added: “With smaller businesses, you may see an email that says ‘we’re having trouble with our bank, but you can pay in another currency’. That should be a red flag.”

More from P&J Investigations

Arlene Fraser was last seen in April 1998.
Arlene Fraser murder: P&J launches new six-part true crime podcast