
Authorised push payment. Any advice appreciated.

  • 09-01-2025 09:20PM
    #1
    Registered Users, Registered Users 2 Posts: 66 ✭✭


    We looked for a company to install solar panels on our house last summer. We went with a recommended local installer, and we were happy with the install.

    My wife received an invoice for the work from the company, and on the same day I received an identical cloned email seemingly from the installer of the solar panels. It transpired that this email was not sent from the legitimate business. The only difference in the content of the emails was the bank details where the money was to be transferred. We subsequently both also received further emails from this person imitating the legitimate business. Neither of us suspected anything unusual at this point, and unfortunately, we paid a large amount of money to this person online to their Revolut account. From research, it seems that this is referred to as an authorised push payment.

    While speaking to the installer the day after payment was authorised, it became apparent that we had paid a scammer. We immediately rang our bank (AIB) to request that the transaction be halted, and/or money returned from the scammer's Revolut account (based in the UK). I also used the chat facility on Revolut to urge them to try to stop any withdrawals for the account I sent the money to, but they insisted they couldn’t do anything except ask me to contact my own bank to make the request to return the money. We also contacted the Gardaí on the same day to report the crime. AIB informed us that, due to the fact that I had authorised the payment, there was very little that they could do. They informed us that they could make a single request to Revolut to return any money if it was still in the scammer's account. After a number of days, if I hadn’t seen any money return to my account, then there was nothing else they could do.

    The installers insist their systems have not been hacked and that our personal email accounts must have been compromised in some way. We don’t know where the truth lies, but the installers understandably are looking for payment. We have also had issues with a certain part of the installation, that is not working correctly. The installers have tried to fix it, but don’t seem to be able to, and are not returning calls in recent weeks. Part of me wonders whether this is because they have not yet received payment.

    We are just left querying how likely it would be that a scammer would have the opportunity to clone the legitimate invoice on the same day as the original was sent to my wife and identified our email addresses without finding this information by accessing the business's records. The Gardaí indicated that in their experience, a scammer was far more likely to target a business than a person's private email accounts, as a method of extracting money, but we don’t know how to proceed from here.

    We contacted a solicitor who admitted not having much experience dealing with authorised push payments, but he felt that having paid the ‘invoice’ in good faith, that the onus would be on the business in how to proceed.

    We don’t really know how to progress.

    Any advice on the matter would be greatly appreciated.




Comments

  • Registered Users, Registered Users 2 Posts: 736 ✭✭✭_BAA_RAM_EWE


    How did the company have both of your emails?



  • Registered Users, Registered Users 2 Posts: 7,502 ✭✭✭circadian


    I'm wondering how identical the invoice was, and if it was sent on the same day that suggests a breach on their part. What are the time differences between the mails? If you sent to Revolut, then is there a phone number associated?



  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    Thanks for the response. From the original pricing and specs of the job a couple of months before we agreed to proceed with the company. We gave both our phone numbers and email addresses as contacts.



  • Registered Users, Registered Users 2 Posts: 7,502 ✭✭✭circadian


    Surely you received the invoice upon completion of the work? Anything before then was a quote.

    Did you both get the email at the same time/close in time?



  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    Legitimate company invoice sent to my wife's email at 1 o'clock. I received the cloned email 2 hours and 15 minutes later. The other peculiar part is that the legitimate email to my wife also includes my email address as one also receiving a copy, but I only ever received the cloned invoice. The invoices are identical word for word, company logo etc. The only difference was that it was sent from the name of the individual who installed the system as opposed to the company name, and then on the invoice the payment details were different. The phone number on the main invoice was the same as the legitimate one from the company director.



  • Registered Users, Registered Users 2 Posts: 11,031 ✭✭✭✭28064212


    Look at it from the company's point of view: they sent you a legitimate invoice, and this invoice hasn't been paid. As far as they're concerned, they haven't done anything wrong, they just haven't been paid for work that they did. I'm not surprised they're not returning calls.

    You appear to be claiming that the company has done something wrong, but you're going to have a problem demonstrating that they were negligent and/or compromised. Email isn't secure. To use an analogy from the postal system, email is basically a postcard: anything written on it can be read at any point between the company and you. Trying to prove (even to the level required in a civil suit) that it was the company at fault is likely going to be extremely difficult.

    Boardsie Enhancement Suite - a browser extension to make using Boards on desktop a better experience (includes full-width display, keyboard shortcuts, dark mode, and more). Now available through your browser's extension store.

    Firefox: https://addons.mozilla.org/addon/boardsie-enhancement-suite/

    Chrome/Edge/Opera: https://chromewebstore.google.com/detail/boardsie-enhancement-suit/bbgnmnfagihoohjkofdnofcfmkpdmmce



  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    That is correct. The work was complete when we got the invoice. Subsequently a part is not working and the company have tried to fix it. This hasn't worked yet, but I was happy to pay at the time we received the invoice because the system was working at that time.



  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    I totally understand it from the company's point of view. My heart sank when we realised what happened. I could be 100 percent responsible of course but I just wondered about the likelihood of there perhaps being a breach on their end.



  • Registered Users, Registered Users 2 Posts: 169 ✭✭paulpd


    Sounds like it could be a fraud on behalf of an employee who included their bank details.



  • Registered Users, Registered Users 2 Posts: 11,031 ✭✭✭✭28064212


    Oh it's entirely possible the breach was at their end. Your problem would be proving that




  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    Perhaps. My only thought was would it not be very unlikely that we would get the legitimate one and the cloned one so close together if the scammer didn't know when the invoice was going to be sent. I presume they wouldn't just keep checking our emails (if we were hacked) to see when one of us eventually got an invoice for work and then began to clone all the information.



  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    Sorry, I didn't use the quote function properly!

    From the original pricing and specs of the job a couple of months before we agreed to proceed with the company. We gave both our phone numbers and email addresses as contacts.



  • Posts: 9,956 ✭✭✭ [Deleted User]


    name of the individual who installed the system

    Was this installer's name on any other email? Sounds like the installer might have sent a clone of the company invoice, with payment to their own account. They would be in a position to do so.



  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    The installer's own name was on the original email quote we received before we agreed to proceed with the company. I would still have had that email. From speaking to the installer numerous times, I wouldn't have had any reasons to doubt him.



  • Posts: 9,956 ✭✭✭ [Deleted User]


    It is possible your email account is compromised. They could retrieve the email before you, delete it and send a replacement.

    What type of email system are you using?

    Is there anything interesting in the email's headers? Modern email clients hide this information from users.



  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    Thanks for your suggestion. I use Outlook, and I have not noticed anything out of the ordinary as regards my account apart from this incident. I tried to find the headers information but I don't seem to be able to spot it. I initially just presumed that one of our accounts was compromised, but the timing of it nags away at me. I just find it unlikely that someone in a 2hr and 15 minute window managed to know when to access my email and then identify that an invoice was sent, then clone the original one and adjust the payment details before deleting the original one. It could be wishful thinking on my part.



  • Registered Users, Registered Users 2 Posts: 2,030 ✭✭✭Lenar3556


    How much is involved?
    I think it more likely that whatever has occurred is on the business side rather than yours. Can you contact Microsoft and start investigating why the original email may not have reached you, and any evidence of your account being compromised?

    How long has your contact not been returning calls?



  • Registered Users, Registered Users 2 Posts: 442 ✭✭DFB-D


    I think most likely the supplier's email was hacked.

    Most self hosted emails (assuming this is the case) can be hacked pretty easily as I understand it. It is possible that they had full access to read and send emails from the account. The fact that they didn't see your follow up correspondence after that and assuming the reply address was the same email from which you received the original email, is a major flag.

    Also, any email header can be spoofed, but obviously this won't allow them to read any replies you had made. While it is possible they had access to your account, it would be unusual for a hacker to focus on personal accounts for a scam like this, too much work for no gain.

    You should also report this to the data protection commission as well as the guards, there are harsh penalties for the breach but unfortunately the supplier should have had safeguards in place to prevent this from happening and it is very common. Really self hosted emails are too risky for businesses sending invoices by email.

    Some sage advice:

    Never pay an invoice without speaking to someone using the original contact number to confirm the account number for a bank transfer. Automatically distrust emails from small companies using their own emails (e.g. John@examplesolar.ie), they are constantly being breached without their knowledge.
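
Added example (not part of any post in this thread): the header check suggested above ("anything interesting in the email's headers") together with the reply-address point, as a Python sketch run over two constructed messages. All addresses and domains are constructed placeholders, and `findings` and `auth_results` are hypothetical helper names.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not taken from the thread).
LEGIT = """\
From: Example Solar <accounts@examplesolar.ie>
Return-Path: <accounts@examplesolar.ie>
Message-ID: <a1@examplesolar.ie>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examplesolar.ie; dkim=pass header.d=examplesolar.ie; dmarc=pass header.from=examplesolar.ie
Subject: Invoice

body
"""
CLONE = """\
From: John Installer <accounts@examplesolar.ie>
Reply-To: john.installer@mailbox.example
Return-Path: <bounce@sender.example>
Message-ID: <z9@sender.example>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=sender.example; dkim=none; dmarc=fail header.from=examplesolar.ie
Subject: Invoice

body
"""

def domain(value):
    """Lower-cased domain of the address in a header value, '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Map spf/dkim/dmarc to the verdict recorded in Authentication-Results.
    Only trust this header when it was stamped by your own mail provider."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:      # first field is the authserv-id
            method, _, rest = part.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest:
                verdicts.setdefault(method, rest.split()[0].lower())
    return verdicts

def findings(raw):
    """List header inconsistencies worth raising with the sender or a bank."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    out = []
    # Replies or bounces routed to a different domain than the visible sender.
    for name in ("Reply-To", "Return-Path"):
        d = domain(msg[name])
        if d and d != from_dom:
            out.append(f"{name} domain {d} differs from From domain {from_dom}")
    # Weak signal on its own: bulk-mail services also cause this mismatch.
    mid = (msg["Message-ID"] or "").strip("<> ").rpartition("@")[2].lower()
    if mid and mid != from_dom:
        out.append(f"Message-ID domain {mid} differs from From domain {from_dom}")
    for method, verdict in sorted(auth_results(msg).items()):
        if verdict != "pass":
            out.append(f"{method}={verdict}")
    return out

if __name__ == "__main__":
    for label, raw in (("legitimate", LEGIT), ("cloned", CLONE)):
        print(label, findings(raw) or "no findings")
```

A clean result does not prove the sender's mailbox was safe: mail sent from inside a compromised account passes every one of these checks.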



  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    Over 10,000 euro. The price was competitive with quotes from a number of suppliers.

    That's a good suggestion. I'll try to see if Microsoft can shed any light on the missing email part. I'm guessing that would most likely indicate a breach on my account.

    The installer has failed to return 6 phone calls, each on separate days since the end of November.



  • Registered Users, Registered Users 2 Posts: 129 ✭✭mikehammer..


    This has happened before, has it not?

    I seem to recall a very similar case



  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    Paying without ringing to check the details was in hindsight a critical error. I had no reason to suspect any problem. I told my wife I had received the invoice, and she said she had too, so we both just presumed it was the same one.

    I had further contact at the time with the scammer in a couple of emails to confirm that payment was made, but again nothing from the language used made me doubt its legitimacy. Thanks for the advice about the data commissioner. I'll do some research on that element too.



  • Registered Users, Registered Users 2 Posts: 129 ✭✭mikehammer..


    I think the similar case involved a solicitor who had been compromised

    Similar type issue arose a payment to a separate person



  • Registered Users, Registered Users 2 Posts: 19,278 ✭✭✭✭kippy


    You'll get no help from Microsoft.

    The sum involved here is pretty hefty. This is essentially a form of invoice fraud and it's more common than people think.

    Have you followed up with the Gardai since, has the company contacted the Gardai?

    https://www.garda.ie/en/crime/fraud/my-company-has-been-targeted-by-an-invoice-redirect-ceo-fraud-what-should-i-do-.html#:~:text=Redirect%20%2F%20CEO%20Fraud.-,What%20should%20I%20do%3F,stop%20the%20transactions%20being%20completed.

    Most of this type of thing tends to be B2B attempts and many businesses have processes in place (or should have) to ensure that the payment details/change of payment details are authorised when dealing with other businesses (

    https://www.ipoi.gov.ie/en/news-events/news-categories-/announcements/misleading-invoices.html )

    And indeed there have been a number of arrests over the past few years here:

    https://www.breakingnews.ie/ireland/three-arrested-in-multimillion-invoice-fraud-probe-1047942.html

    Now, just looking at this part of your post:

    "My wife received an invoice for the work from the company, and on the same day I received an identical cloned email seemingly from the installer of the solar panels. It transpired that this email was not sent from the legitimate business. The only difference in the content of the emails were the bank details where the money was to be transferred. We subsequently both also received further emails from this person imitating the legitimate business. Neither of us suspected anything unusual at this point, and unfortunately, we paid a large amount of money to this person online to their Revolut account. From research, it seems that this is referred to as an authorised push payment."

    Did you discuss with your wife why you might have gotten two separate invoices for the same job or question why payment to a business was to their Revolut account?

    Anyway, no matter who is at fault here - this is obviously a significant issue.

    Have you read this report:

    https://data.oireachtas.ie/ie/oireachtas/committee/dail/33/joint_committee_on_finance_public_expenditure_and_reform_and_taoiseach/reports/2024/2024-10-23_report-on-authorised-push-payment-fraud_en.pdf

    It may give some advice on how to proceed.



  • Registered Users, Registered Users 2 Posts: 9,536 ✭✭✭Oscar_Madison
    #MEGA MAKE EUROPE GREAT AGAIN


    It sounds like they’re playing “who blinks first”- ie waiting on you to pay up - in the short-term, you have legitimate right to withhold funds until the work is completed to the required standard - maybe use this time to seek out a solicitor versed in this “modern” type of fraud - it’s a lot more common than what’s publicised- a lot more- so you’re not the first or last.
    I do hope you get satisfaction and you’re not out of pocket- where I’ve seen refunds, it’s where a 3rd party intervenes with the person's bank and the bank pay up “as a good will gesture”- but not guaranteed even then - this fraud is becoming common but has been around for a long time - it’s usually large organisations (invoice redirection fraud) but obviously now becoming more mainstream - if bank / Revolut won’t refund maybe company will agree to reduce invoice and admit certain liability? You really need to determine did the invoice fraud happen your end or theirs? They are unlikely to admit anything their end so maybe a computer specialist might provide a view on it? Obviously that will cost money too but if you can show it wasn’t your systems doing, it kind of places the ball back in the company’s court somewhat



  • Registered Users, Registered Users 2 Posts: 2,886 ✭✭✭wandererz


    Interested to find out if it was an IE IBAN number on the Revolut account?



  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    Lots to go on here. Thank you. I have read a lot about authorised push payments since this incident. Although there seem to be guidelines, banking rules etc. in place in the UK, there doesn't really seem to be the same help here. Even a simple Google search doesn't show many solicitors who have much experience in this area. Obviously no agency, bank etc wants to have a situation where there is effectively a blank cheque for any victim of fraud, and the onus is still on yourself to be mindful of any online payment.

    The garda I spoke to had dealt with similar cases and in his experience he said that there was very little hope to recover any of the money, and that it usually results in a compromise payment having to be agreed between the company and the client.

    On the day we agreed to make the payment, we both took for granted that we had received the same invoice. It was only after understanding we had been scammed, that we compared the invoices - obviously an error in hindsight.



  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    Thanks for your input. I do feel there is an element of letting me stew while I haven't paid the company. I see how this looks from their point of view, and understand why they are reluctant to give support for a service that hasn't been paid for, even if it is not currently working correctly.

    Trying to determine who was hacked seems to be the crux of the matter, but proving it is problematic. I would be interested in finding out if a service is available to see if my own account was hacked though.



  • Moderators, Category Moderators, Arts Moderators, Sports Moderators Posts: 52,712 CMod ✭✭✭✭magicbastarder


    the idea that your account was compromised, that someone was watching it, saw the invoice come in, grabbed it and turned it around as a fake within two hours (having deleted the original mail to you) would beg the question - how did they know to watch your account for this?



  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    That's what I feel too. The timing is too coincidental. I think it'd be implausible really, but the company maintain they have not been hacked.



  • Registered Users, Registered Users 2 Posts: 66 ✭✭magnetic zero


    ⁸.


