Have Your Communications Been Hacked?

It is easy to accept information in emails as genuine but at Red Dragon we recently had an issue which caused us to question the safety of this medium for business use. We had received an order from a new client in Australia and were waiting to receive the payment for the valves prior to shipping them. We started an investigation to identify what had happened when we were told that the payment had gone through but we hadn’t received it.

We identified that our client had been the victim of a hacker, his email account had been spoofed and all of his inbox contents had been controlled by someone unknown. The pdf invoice we sent had been altered to show completely different bank details prior to it landing in his inbox and he made the payment without any hint that it wasn’t genuine. The emails between our companies were being intercepted and changed and this didn’t become apparent until we were discussing it over the phone. Our client was too late to recover the funds once we realised what had happened and he then needed to resolve the issue of his email being spoofed before it affected his other transactions. We successfully supplied his valves and received payment but the client wasn’t able to trace the hacker and did lose several thousand pounds because of it.

With the lessons learnt, procedures implemented and tightened because of this incident we thought we were safe but we were wrong. Another client, this time in Malaysia asked for a quote re-sending. There was just something odd about this that made us look deeper into the history and it’s very good that we did. On checking the previous email in the chain, the content that he received was very different from what we sent. We always send quotes as new emails but the version received seemed to be a direct reply to his enquiry. Not only that but much of our email text had been removed and worryingly a new line added “for easy payment we can issue you our Malaysian Agents account”.

When we spoke to our client about this, he hadn’t noticed the comment regarding payment and was shocked when we explained that he was vulnerable to being scammed out of a lot of money. We then put alternate methods of communication in place for him so that we can verify all aspects of our transactions and ensure security for the supply chain.

It is not clear whether these two instances suggest a regional bias to these events or not but we recommend everyone to be extra vigilant and help prevent ourselves or our clients from being the victims of hackers in this way. From this experience and our subsequent security discussions with IT and communication experts we’d like to share the following recommendations.

• Assume your emails could be compromised and in some cases consider using verbal, fax or post communications which are harder to intercept.
• All emails sent should be either new or a forward, never a direct reply and always type the recipient email in yourself rather than relying on autocomplete.
• Do not use social media platforms for business discussions with clients or suppliers.
• Use strong unique passwords and change them regularly.
• Bank payment details should be faxed, posted or given over the phone to prevent any chance of payments being redirected.
• Employ a good antivirus and firewall on all your devices, keep them updated regularly and never open any unexpected or strange sounding attachments without checking they are genuine, even if they’re from your bank.
• Install all security based updates for your operating systems on servers, desktops, laptops, tablets and phones.
• Always verify contractual and payment related details before taking action.

Tel: +44(0)1443 772500
Email: sales@reddragonvalves.co.uk
Web: www.reddragonvalves.co.uk


Published: 17th November 2016

BVAA Strengthens Board with New Members

Rachel Wormald, Managing Director at YPS Valves Ltd and Elizabeth Waterman, ...

Share on Twitter Share on LinkedIn Read full article

BVAA Valve & Actuator Training News

Are you looking for industry-leading, brand independent valve and actuator ...

Share on Twitter Share on LinkedIn Read full article

Comment by BVAA CEO Rob Bartlett

As can be seen from the photograph, clearly the resident birds at Bartlett ...

Share on Twitter Share on LinkedIn Read full article

Howco Group Invests £1 Million in Vertical CNC Turning Centres

Howco Group has unveiled its latest £1million investment, with the ...

Share on Twitter Share on LinkedIn Read full article

Allvalves: Fuelling Growth Through Customer Connectivity

In 2024, Allvalves is poised for an exciting year of growth and expansion, ...

Share on Twitter Share on LinkedIn Read full article

GMM Pfaudler - Introducing the Normag Brand to the BVAA Community

GMM Pfaudler Engineered Plastics & Gaskets are delighted to bring the ...

Share on Twitter Share on LinkedIn Read full article

Building Industry Connections: A GMM Pfaudler Success Story

In the ever-evolving valve industry, GMM Pfaudler stands out for its ...

Share on Twitter Share on LinkedIn Read full article

SAMSON Controls Participates in the UK CCUS and Hydrogen Decarbonisation Summit

SAMSON Controls Ltd – part of the SAMSON group - a renowned leader in ...

Share on Twitter Share on LinkedIn Read full article