Email Hacking Leads to Wire Fraud
A horse shopping excursion to Amsterdam almost left a California dressage trainer the victim of online fraud for hundreds of thousands of dollars when importing horses.
Rebecca Rigdon of Rigdon and Blake Stables in San Diego is sharing her horse purchasing experience. Time played a crucial part in Rigdon’s nightmarish ordeal:
Once the decision was made to purchase two horses, I spoke on the phone to our good friend and agent Egbert Kraack several times.
Like any other purchase we discussed the vetting results and when it came to getting their bank details I spoke to him on the phone. He told me his wife was emailing me the details as we spoke along with detailed information about the vettings. Within the next ten minutes, I received the email from his wife.
The first paragraph detailed both horses’ vettings. It also included information that only they would know with their bank details. My client and I made our way to our banks and proceeded with our wire transfers.
Five business days went by and they had not received the funds, so we sent them a cover photo of both our wire transfer receipts with all of our information. On day seven we received an email from Egbert’s wife saying that the money was finally received and we could all “rest well” that the funds had arrived.
Day eight, I speak to Egbert and he tells me that he cannot fly the horses on their scheduled flights because he has not yet received the funds. I said to him, “what are you talking about, your wife sent me an email yesterday telling me that the funds had come through?!”
He replies, “she never sent you that email.”
Within minutes we discovered someone hacked into his wife Julie’s email, as well as mine. They left the information about the horses‘ vettings as originally written in Julie’s email and had changed the banking details to their own. They then sent the email from Julie’s email only slightly changing the address.
We determined very quickly that we had wired hundreds of thousands of dollars to hackers.
I was corresponding via email half the time to the hacker thinking it was Julie, Egbert’s wife, and the hacker was corresponding with Julie half the time posing as me.
Who knew this degree of hacking into your email system was possible?
They had stolen from us. I was dumbfounded. We were all in shock.
Immediately we went to our banks and filed fraud reports. We both met with our local police in San Diego and filed reports with the FBI.
I called all of my insurance companies in hopes that at least it would be covered via my trainer’s insurance policy. And I could at least pay my client back and maybe even my mother-in law. They all said, “I’m so sorry, but this isn’t covered on your policy.”
I emailed my hacker to maintain contact and to act as if we were none the wiser. I told him or her that we wanted to go ahead and purchase “the ZZ Top Mare that I tried for 500,000 Euro and to please resend their bank details, address, and phone number so we can send the wire asap.”
They responded immediately telling me to “wire the funds to their sister company in Hong Kong since it took so long for the first wire to come through”. The hackers gave me their fictitious address and number. I played along….strung them along…..tried to keep them interested.
We didn’t sleep that night. I called Egbert every hour from 1:00 AM on….he called the local Dutch police, met with the bank which we had wired the money. The banker told him that he “couldn’t tell him if our funds were still there because of privacy,” yet Egbert “sensed” that the banker was trying to tell him that the funds were still there.[irp]
I sent all the emails and proof that our emails had been hacked to the police. Egbert worked tirelessly to prove what happened to the bank and moreover the Dutch police department. Within 12 hours they went into the bank and told them to release the funds back to us.
I then received a call from the President of the bank in Holland. He assured me that they had wired the funds back to us.
They did. Oh my God… I cried. They did it. We did it. We got our horses. If we would have waited even a few more hours to act the money would have been gone.
Rigdon says in the future she’ll only share bank details via encrypted messages to protect the transactions.
Cyber security experts suggest one way hacked emails can lead to wire transfer fraud is when users click on phishing emails. They recommend the following to protect your email accounts:
- Use strong passwords and frequently change passwords on all devices
- Never click on a link, open an attachment, or reply to a suspicious email
- Check your online bank account daily and change your banking passwords often
- Avoid free Wi-Fi to protect against hackers capturing a password
- Never send wire transfers or any sensitive information by email unless it is encrypted
- Install all the updates for your virus protection software and anti-spyware
Don’t be surprised if you are handed a document warning of wire fraud and cyber crime. It may come when buying or selling your home or equestrian property. Specifically, customers are told in writing by real estate agents they will never be asked, via email, to wire or send funds to anyone.
Horse professionals may consider adding to their contracts language warning their customers not to comply with email instructions to wire funds. Speak with your lawyer to see if this meets your business needs.
All the while the criminals that almost took Rigdon continue lurking on the web. Authorities have not caught the hackers so they are probably hot on the trail of another financial windfall.
Don’t let it be at your expense.