An unfortunate farmer from Ireland lost his money to scammers after attempting to pay for online purchase.
According to Ronan Murphy, from the cybersecurity firm SmartTech247, the victim ordered equipment from a UK supplier. Still, the latter earlier clicked on a phishing email that allowed scammers to access his email account. The fraudsters then sent fake banking details to the farmer, who transferred the money to the rogue account.
“The guy followed up to find out where his equipment is and the supplier said, ‘Well you need to pay for it’, and the farmer said, ‘I paid weeks ago’. They said, ‘We haven’t got your money’, and they went checking and the money was gone, cleaned out.”
No precedent in law
Murphy said that the law needs to keep up with changing online threats amid the increasing frequency of these security breaches. He noted that ascertaining who is liable for these incidents involves a very complex process.
In this case, the assumption may be that the liability rests on the supplier who had his email hacked, but Murphy noted that there is still no precedent in law for such an incident.
“This is madness, we’ve got forensic proof and evidence that the vendor was compromised, that their business email was compromised, and that resulted in invoice fraud redirection for a significant sum of money, surely there’s a duty of care, surely they have to be responsible.”
He admitted that he was also surprised to learn that, to date, there is no precedent for this type of incident, but he looks forward to testing cases in the future.
As cyber threats become more sophisticated, he urged businesses to protect themselves and their users by ensuring that their passwords are not compromised.
Cybersecurity firms advise against clicking on any suspicious links in emails and using public internet connections.
Listen to the full episode on Spotify: