The Mercedes documents were identical, except for 14 numbers that cost Georgina $38,500
Save articles for later
Add articles to your saved list and come back to them any time.
If you compare the two documents side by side, they appear to be identical.
Every detail looks the same: billing address, invoice number, letterhead and font. Even the price is exact down to the cent.
Georgina Smith is one of several Mercedes-Benz customers that have been scammed.Credit: Joe Armao
The only difference is at the bottom of the second page, where the customer is told how they can make the payment.
And even that has a crucial match that completes the ruse – the bank account name: Mercedes-Benz Australia/Pacific Pty Ltd.
Underneath, however, were 14 numbers that led to Georgina Smith losing $38,500. She had no idea the BSB and account number were connected to scammers.
“It was really hard to tell,” Smith said. “Someone’s come in and basically altered the invoice and the bank account details, pretty much to a tee, like you wouldn’t even know.”
The ploy is known as invoice scamming, where fraudsters intercept emails between customers and businesses to trick them into sending money into the wrong bank account.
Australians lose millions of dollars each year to these types of scams, which tend to target big purchases such as cars and renovations. Often it involves tweaking a PDF file just slightly, so it still looks real.
Mercedes-Benz customers have been targeted several times by this type of scam, resulting in huge losses.
The Sunday Age is aware of three cases where the luxury carmaker’s buyers have been scammed over a period of less than a year. In another case, a woman narrowly avoided losing money after she rang the company’s sales staff to confirm.
Mercedes-Benz AMG A35 sedan. Credit:
They argue they were not properly warned about potential scams and some suspect the carmaker’s emails were compromised.
Smith bought her Mercedes-Benz AMG A35 in late May last year for $90,973 from the company’s Berwick dealership.
The text message that exposed the scam.Credit:
It was her second time buying a Mercedes-Benz, so she did not think anything was amiss when the email came through asking for the deposit.
“That’s why I didn’t call and confirm because I dealt with these people before and it all checked out exactly the same,” she said.
Two days after paying the $38,500 deposit, a Mercedes-Benz staff member contacted Smith to tell her that the money had not yet been received. Smith thought the delay may have been due to the banking system.
However, on June 3 she was texted another copy of the invoice. It showed different BSB and account numbers to what she had received previously.
She contacted her own bank but the money was already gone, likely sent offshore.
Smith said Mercedes-Benz told her that her emails had been hacked and that she had to pay a new deposit. She ended up doing so, after Mercedes-Benz refused to budge despite legal threats.
She said she had an independent IT team analyse her work email servers, which found they had not been compromised.
“It just felt like they’d been through it before, they were like, ‘No, this is your fault’ – and that was it,” she said.
“It still makes me extremely angry. I fought for a long time and then I just had to take it as a loss.”
Racehorse trainer Rob Heathcote was trying to buy a new Mercedes-Benz AMG CLA 35 as a 60th birthday present for his wife when he fell victim to the same scam.
He placed the order in December 2021 but the car wasn’t ready for pick-up until the middle of 2022.
Horse trainer Rob Heathcote, right, ws scammed when he bought a Mercedes-Benz.Credit: Tertius Pickard
“So that’s when a hacker got between Mercedes and myself,” he said.
“And of course, Mercedes wash their hands. They said, ‘Our technical team have said it’s got nothing to do with us and it’s all your fault’.”
Heathcote says the scammers intercepted his communications with Mercedes-Benz’s Melbourne dealership and then sent emails pretending to be either him or the carmaker to carry out the con.
In one email, scammers told him the car was delayed on a ship, despite it already being in Melbourne. He ended up transferring $100,000 to the wrong bank account.
“I got a text from the car salesman at Mercedes that said, ‘Rob, when are you going to pay for the car’?” he said.
“I’ve gone, ‘f—, are you serious?’ I called him straight away and I said, ‘Mate, I paid six weeks ago’.”
After Heathcote’s story received media attention, the Bank of Queensland refunded his money. He thinks it helped that he paid in person at a bank branch, where alarm bells should have gone off.
“I’m still not totally convinced it was all me [that was hacked],” he said. “But of course since this happened, I’ve got more cyber firewalls in my office than the Bank of England.”
A Mercedes GLE 400, similar to the model that Wendy Angliss and Derrick Thompson tried to buy.Credit:
Mercedes-Benz is also facing legal action in a third case, after customers Wendy Angliss and Derrick Thompson lost $139,000 in an invoice scam this year.
The couple argue that they would not have made the payments for the GLE 400d if they were given the correct bank details by the carmaker’s Geelong dealership and that the company should have provided them in person, not as an email attachment.
Mercedes-Benz has argued in its defence that Angliss contributed towards her own damages by not having adequate IT or password security on her email.
In a fourth case, a woman from country Victoria was contacted by scammers in the middle of last year while she was in the process of buying a Mercedes-Benz GLC 300e from its Melbourne dealership.
The scammers told her that the balance of her $98,800 car had not been received and to try a different bank account.
The woman contacted the dealer’s salesperson, who told her not to comply with the request and to change her email passwords.
“They have a duty to tell people to be really careful,” she said.
Mercedes-Benz did not respond directly to questions about whether their emails had been compromised. In a statement, the company said that it took cybersecurity and data protection “very seriously”.
“[Mercedes-Benz] is continually enhancing our processes to safeguard the secure exchange of information between our retailers and customers,” a spokesperson said.
Mercedes-Benz customers have been targeted by scammers.Credit:
“Our retailers are also required to maintain the security of their systems using the latest technology.”
The spokesperson said invoice fraud was not unique to Mercedes-Benz or the car industry.
“It is a risk whenever there is an exchange of financial information online. To mitigate this risk, we are continuously evolving security measures to make online payments safer,” they said.
“We also urge our customers to be vigilant by ensuring an email or invoice purporting to be from a retailer is legitimate by calling the retailer to confirm it is genuine and any account details are accurate.”
Consumer Action Law Centre CEO Stephanie Tonkin said that Mercedes-Benz should be proactively warning customers to be vigilant about payments.
“Unfortunately, our online banking is extremely vulnerable to scams of this nature because of a historic lack of investment in online banking systems,” she said.
The Australian banking industry recently announced it was introducing “confirmation of payee” technology, which will prevent people from making transfers where the account name doesn’t match.
Start the day with a summary of the day’s most important and interesting stories, analysis and insights. Sign up for our Morning Edition newsletter.
Most Viewed in National
From our partners
Source: Read Full Article