FARMERS and agricultural businesses have been warned of cyberhackers infiltrating email inboxes and changing invoice payment details in an attempt to divert money to themselves.
Kevin Prater, owner of Perth agricultural equipment manufacturer DE Engineers, said he was aware of bank details being changed by computer hackers on two emailed accounts his company had sent to clients in the past five months.
Also in that period, a company in the United Kingdom that DE Engineers dealt with had been hacked and bank details altered in a failed attempt to divert money that was due to be paid to DE Engineers, Mr Prater said.
In each case, he said it appeared emailed correspondence in the form of a PDF (Portable Document Format) from DE Engineers had been accessed illegally by a third party while it was in the clients' inboxes before they had opened it.
The PDF documents contained DE Engineers' corporate letterhead and a BSB (Bank State Branch) number for its Western Australian bank and its account details to enable electronic transfer of funds, Mr Prater said.
The hacked and illegally altered documents he had subsequently seen looked identical to the original sent by the company, but the BSB number had been altered to one identified as a Westpac Bank branch and the account number changed, but in the same style and font as the original document so it was undetectable unless the client realised the numbers were wrong, he said.
"I really just want to warn people that this is going on," Mr Prater said.
"I don't know what can be done about it, people just have to be very wary about transferring sums of money electronically - maybe make a phone call and check the details first.
"We might have to change how we do things and contact our clients by phone when we send an electronic invoice, so they know it's in their inbox, but I don't think there's anything more we can do to stop it happening."
In May a northern Wheatbelt client had thought she was electronically transferring a $63,000 deposit on equipment to DE Engineers, but the money did not arrive in DE Engineers' bank account, Mr Prater said.
Enquiries revealed the money had been paid into another account at another bank because the contract to manufacture and request for a deposit sent by DE Engineers had been hacked and bank details on the document altered, he said.
Mr Prater said he did not know whether the client had got her money back.
Earlier this month a Wongan Hills client of DE Engineers almost lost $46,000 to an identical scam, he said.
"Luckily, whoever changed the details made a mistake with the BSB number and the funds transfer didn't go through," Mr Prater said.
"The client rang us to say they couldn't transfer the funds and when we checked the bank account details with them we discovered what we emailed out to them had been changed."
In similar circumstances, bank details on correspondence sent to a UK company to retrieve an inadvertent UK£15,000 overpayment had also been hacked, Mr Prater said.
Again, when the company attempted to transfer funds electronically the transfer did not go through so the company rang DE Engineers and the hack was discovered, he said.