Bruce King,the lawyer representing the couple,said that the Mercedes-Benz invoice was intercepted by hackers,who altered the attachment to change the bank details and then sent it on from a disguised email address.
“The altered PDF invoice was identical with the original but the bank account details on it had been changed,presumably using some program like Adobe,” he said.
“There was no way on its face that anyone could tell it had been altered.”
King said his clients were “distressed” about the situation and had no idea where the money had gone.
“There is no way of knowing but the funds have likely gone overseas,” he said.
Loading
King said his clients had taken action against Mercedes-Benz after they didn’t have any help from the banks in retrieving the funds.
“[They] contacted the bank into which the funds were wrongfully transferred but by then the funds had been withdrawn by the hackers,” he said.
Angliss and Thompson are suing Mercedes-Benz Australia/Pacific Pty Ltd over the $139,000 that went missing,arguing that they would not have made the payments if they were given the correct bank details.
They claim the conduct was a breach of Australian consumer law.
Loading
“If the plaintiffs had been told the first transfer was to an incorrect account they would have taken steps to recover the payment from the Westpac Bank,” their writ states.
The couple also claim that Mercedes-Benz breached a duty of care by not providing the correct bank details when they signed the contract and instead sending them in an email attachment.
“The plaintiffs were dependent on the defendant providing details of the account into which payment should be made,” the court document states.
“The defendant was or should have been aware that if payment was made into the wrong account,the plaintiffs could suffer loss and damage.”
A Mercedes-Benz spokesperson said the company was aware of the incident,claiming that the customer’s email was compromised resulting in the payments to the incorrect account.
“Following a thorough internal investigation we are satisfied that the email interception was completely independent of our invoicing and email systems,and those of our retail agent,” the company said.
“Mercedes-Benz Australia takes cyber security and data protection seriously.
“As the matter is now before the court we are unable to comment further.”
In a statement,Westpac said it was unable to comment on the case for privacy reasons.
However,the bank said fraudsters were continuing to target Australians through payment redirection scams.
The bank advised customers to always verbally confirm payment details with a business before sending any money.
The Morning Edition newsletter is our guide to the day’s most important and interesting stories,analysis and insights.Sign up here.