Thread: Land Rover dealership in damage control over deposit stealing scam

Businesses should NEVER provide bank account details in emails, instead refer customers to their web-site for account details if the business doesn't have online payments via a web-site. Furthermore, people should never rely upon bank account details that have been provided in an email.

Definitely 'caveat emptor', however, I find the following interesting: It wasn't Medibank's fault either. Or Optus.

“Their email had been compromised,” Mr Palmer told news.com.au.“They said they had been hacked and it was not their fault.

These email scams have been common for nearly 10 years now, so companies should be aware of them - law firms in particular have been hit by them and now have agreed protocols for payments. It just goes to demonstrate that email isn't very secure.

I am not sure that "email isn't very secure" is the right comment. The problem is not that email is not secure but that email is nearly as easy for impersonation as is snail mail.

I mean if I get an email purportedly from an Australian company or government organisation that actually was sent from a gmail address from an organisation that has a website, why would I not be just as suspicious as if it were a letter with a Perth return address but that was posted in Russia? Especially if it was supplying details for payment.

Originally Posted by JDNSW

I am not sure that "email isn't very secure" is the right comment. The problem is not that email is not secure but that email is nearly as easy for impersonation as is snail mail.

I mean if I get an email purportedly from an Australian company or government organisation that actually was sent from a gmail address from an organisation that has a website, why would I not be just as suspicious as if it were a letter with a Perth return address but that was posted in Russia? Especially if it was supplying details for payment.

That's the way I look at it. I simply ignore all such communications in the knowledge that my bank etc. will NEVER ask for details or payments. Same with utilities.

The FIFO worker mentioned in the article got lazy because he had dealt with the dealer on several previous occasions successfully. He was excited for his new car and let his guard down. Parasites prey on vulnerability. I'm willing to bet he goes in and pays in person next time.

Scammers can also spoof sms messages from banks, utilities, etc so the fake text appears in the ongoing conversation on your mobile.

Before sending funds phone them from a number you have obtained from them to confirm details

Under current law Banks have no duty of care when you use the internet and that includes internet banking. If it goes wrong is your problem not theirs

Originally Posted by JDNSW

I am not sure that "email isn't very secure" is the right comment. The problem is not that email is not secure but that email is nearly as easy for impersonation as is snail mail.

I mean if I get an email purportedly from an Australian company or government organisation that actually was sent from a gmail address from an organisation that has a website, why would I not be just as suspicious as if it were a letter with a Perth return address but that was posted in Russia? Especially if it was supplying details for payment.

You don't understand how these scams work: they aren't impersonating or spoofing addresses, the emails actually come from the relevant company's own email servers and address. What happens is that the criminals get access to the companies email servers - through phishing/trojans/malware - and sit and watch. They then, when the time's right, make a request for payment or direct a payment somewhere, often at the end of an existing email chain. There is nothing to indicate that the email is inauthentic because it is authentic, it's just that it's been sent by a criminal. As a result the protocol in banks and law firms is to verbally confirm every payment request using a known contact number that isn't on the email, because the scammers usually amend the contact numbers to one that links to their own phone numbers.