Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Businesses The Courts

One of Australia's Richest Men Lost $1 Million To Email Scam (bloomberg.com) 84

Kaye Wiggins, reporting for Bloomberg: The multi-millionaire founder of Twynam Agricultural Group lost $1 million in an email fraud, a London court heard Thursday. The British man who facilitated the theft says he's a victim too. John Kahlbetzer, who is on the Forbes list of the 50 richest Australians, lost the money when fraudsters tricked the administrator of his personal finances into transferring it to them, his court papers say. Fraudsters emailed Christine Campbell, pretending to be the 87-year-old and asking her to pay $1 million to an account held by a British man, David Aldridge, which she did. Kahlbetzer is suing Aldridge to recover the funds, but Aldridge says he was being "unwittingly used" and was himself the victim of a fraud involving a woman he met online and believed he was in a loving relationship with. Email frauds where companies' staff are tricked into transferring money are a growing problem. U.S. Federal Bureau of Investigation statistics show "business email compromise" cases, where criminals ask company officials to transfer funds, have cost more than $3 billion since 2015.
This discussion has been archived. No new comments can be posted.

One of Australia's Richest Men Lost $1 Million To Email Scam

Comments Filter:
  • by John Jorsett ( 171560 ) on Friday December 15, 2017 @12:28PM (#55746427)
    Somebody attempted this with an organization for which I administrate a website. They got the Treasurer's email from the site and spoofed the President's email address, asking for the current account balances. Fortunately, the Treasurer wrote to the group's secretary and asked her to handle the request. When she called the President about it, he said he had no idea what she was talking about. Scam never sleeps.
    • Re: (Score:1, Informative)

      by Anonymous Coward

      Where I work, we are required to take a the Kevin Mitnick online security training course every year.

      It is really basic. How to look at an email and detect whether or not it is a scam. Don't click on shady links. Beware of PDF and Word, etc. For many of us, it feels like a waste of time as we are reminded of common-sense stuff that we automatically do anyway.

      But.....the fact is....these scams work, and they hit businesses hard again and again. It totally makes sense for businesses to require their empl

      • I'm not saying that this is bad, but you simply can't spot a good scam email by looking at it. Legitimate invoices do come via email The way to verify this is to find the initial authorization (usually in the form of a purchase order) for the invoice. Many larger companies won't pay any invoice without a purchase order. Unfortunately this also leads to embarrassment as things like domain name renewals end up not getting paid.
      • And those advices are mostly missing the point because scams will just get better. A well made scam would have no shady link, no PDF nor word.

        You need proper procedure in all companies to make money transfers : either an oral confirmation, or an authenticated way to request transfers (or authenticated emails). People just don't know that there is no source authentication in emails.

    • Two things:

      "Administrate" == BAD. "Administer" == GOOD.

      Do money managers really move millions around based on an unauthenticated email?? The mind boggles at the abject stupidity implied....

      • Do money managers really move millions around based on an unauthenticated email?? The mind boggles at the abject stupidity implied....

        Yes. This is far from the first time this kind of scam has been pulled off.

      • by Scarred Intellect ( 1648867 ) on Friday December 15, 2017 @01:35PM (#55746989) Homepage Journal

        Do money managers really move millions around based on an unauthenticated email?? The mind boggles at the abject stupidity implied....

        I know someone who was handling the estate of a deceased parent. She was executor of the will. There were numerous financial accounts in various forms: checking, savings, stocks, bonds...when transferring the money to dole out the inheritance to her other siblings per the will, she had very little trouble with accounts with balances >$100,000, but the smaller accounts provided the most difficulty in terms of verifying authorization.

        500 thousand dollars? Yea, no problem.

        5 thousand dollars? We're going to need to see the notarized birth certificate, current I-9, special power of attorney signed by the owning party in the last 30 days, blood sample, and aqueous humor sample.

    • There are lots of scams involving implicit authorization. Some of the ones I've encountered include
      • Letters made up to look like an official government notice for you to do some required annual government filing. The ones I got were $150 to file a statement of information for your business with the secretary of state. When I took over my dad's business, I dumped these in the trash (you can file it online for $20). My dad had gotten one at his home address, and came yelling at me demanding to know why I
  • Sounds like whoever he outsourced his financial management to is in trouble...

    It's interesting that so many of these scams involve massive wire transfers of funds. Wire transfers aren't too common for individuals in the US, but from what I understand it's the equivalent of handing over a bag of cash to the recipient. If the funds are taken out of the account, there's no way to get it back. Why would anyone, businesses included, rely on such an irrevocable form of payment? I can understand shady internationa

    • Wire transfers can and are reversed all the time. That's where the second victim in the scam (David Aldridge) comes in.

      The fraudster convinces David to accept a wire transfer on her behalf. When he receives the money, he withdraws it and hands over the cash to her. She then disappears. When the bank tries to reverse the wire transfer and finds the money is gone, the person liable for it is the second mark in the fraud, not the fraudster.

      If you've ever gotten a scammy-looking email asking if you'd
  • It won't hurt him much, and it's a small step in the opposite direction of the general trend of all money being concentrated in the hand of the few.

    • I somehow don't think he was scammed by robinhood@sherwood.uk.
    • You're aware that anything that'll work on a billionaire will work equally well on your IRA/401K/whatever, right? How hard would it be to send a couple thousand emails to a couple thousand money managers and skim off 5-10K each?
  • by 140Mandak262Jamuna ( 970587 ) on Friday December 15, 2017 @12:57PM (#55746673) Journal
    Unless it is a routine run of the mill thing to transfer a million bucks from this account to that account, one does not transfer 1 million dollars based on email instruction.

    It is high time the Government investigate if there is a pattern of getting instruction through email and transferring money without asking questions to allow the rich guy deniability. Scenario like this: Rich guy hires goons to do stuff, sends email to financial advisor cryptically pay x $ to account Y. Financial advisor deliberately avoids getting any written instruction, phone calls, oral verification. Even if the police catch the perps, sniff up the money trail of the goons, it would stop at this "financial advisor". Who would again claim victim of fraud.

    They should find ALL the money transfers by that accountant, and see if any of it can be tied to funding illegal activity.

    • I had no trouble closing a retirement account to cover the down payment for a house over the telephone. Zero authentication, no date of birth, no last 4 of SSN, no verification of account number, nothing...it might help that I went to school with the receptionist, and I'm sure they had caller ID to verify my phone number...but still...

      • This is one of the things I like about my bank and my insurance agent they know me when I walk in the door and call me by my name. This is a good thing as even if you had my social it wouldn't help they know me to well and they wouldn't do a major transaction over email. It would be to out of character and they would call me.They have called me because I used my bank card out of town on the opposite side of the state but still in my home state and when I left the state to visit family.

        • If you transfer a million bucks, they will call to make sure, right? Why this accountant did not do that? It is the dog that did not bark, that is significant.
  • The word is stupidity.

  • Working on anti-spam products, I see some of the most amazing things.

    There are dozens of "spoof person A in email to person B to get something valuable" variations. Money, W2 forms, anything.

    A recent favorite is to compromise someone's email. Keep monitoring their email, and when some financial transaction is about to happen, forge an email as if it were from the party receiving the money, to the sender of the money, saying "Oh, because reasons, our bank account had to change, send the money to ...."

    The

"The fundamental principle of science, the definition almost, is this: the sole test of the validity of any idea is experiment." -- Richard P. Feynman

Working...