Dubai: A Dubai businessman has urged traders to be alert after an email hacker posed as his suppliers online to embezzle almost Dh360,000.
Abdul Hamid, a Pakistani heavy machinery dealer, said the hacker intercepted his UK suppliers’ emailed invoices for orders worth about £65,000 (Dh358,882).
Hamid instead received ‘invoices’ with the hackers’ banking details and wired the money to the UK as instructed in the emails that appeared genuine.
The ‘invoices’ and bank accounts still carried his suppliers’ names while the fake documents and messages were sent from email accounts virtually indistinguishable from those of his suppliers.
After withdrawing Hamid’s payments, the hacker vanished and his real suppliers’ original emails started coming in.
Meanwhile, trusting Hamid’s track record as a customer, the suppliers had started procedures to ship the goods to Dubai.
But they were soon inquiring about ‘delays’ in payments.
Hamid insisted the money had gone through and even sent copies of his bank’s confirmation.
The shocking truth unfolded when Hamid and his suppliers eventually got in touch over the phone.
“They were perplexed and wanted to know why I had sent the money to a different account this time. I said ‘because you told me to.’ We only realised our email accounts had been hacked after we verbally went over the recent emails between ‘us’ — the suppliers said they had never sent those messages,” Hamid said.
“I was stunned. The hacker had been stalking me online, waiting until I reached a price agreement with the supplier. He then sent me fake invoices and emails posing as the supplier, so he could get the money instead.”
Hamid was on the verge on transferring about Dh551,500 in another deal when he realised the scam.
He said he has reported the incident to Dubai Police and asked his Dubai bank to follow up with the British banks he wired the payments to.
He added that he has also requested the British banks and a UK financial fraud watchdog to alert customers and help track the hacker.
“How could the [UK] banks have accepted my wire transfers into accounts bearing the name of companies that don’t have an account with them? If the beneficiaries’ account name and account details don’t match, please confirm before crediting the account.”
Hamid said there needs to be more digital security against hackers as many documents nowadays are emailed instead of shipped between countries.
“Please don’t accept invoices over email, always ask for a fax — it’s the safest way as there’s no one who can come in the middle. And confirm everything by phone.
“I learnt this the hard way and I don’t want others to suffer what happened to me. Some people cannot afford a loss like that, it could be someone life savings,” he said.
“You don’t know how many weeks or months a hacker will stalk you, learn everything about you and your business partners.
“In my case, he seemed to have the same style of writing and tone. He didn’t even seem in a rush to scam me.”