| Pages in topic: < [1 2 3] > | Is this client legit or shady? Not sure if I should give my bank info out to them Thread poster: Christina Fernandez
|
|---|
| But maybe, just maybe, it's safer than a cheque? | Dec 1, 2018 |
Thomas T. Frost wrote:
I wouldn't be so sure that a SEPA bank transfer is safe in relation to fraud.
Ok guys... but my point was: what is the specific risk directly related to providing you bank details (leaving aside all other possible types of scams)? What is the specific "scam routine" that uses bank details?
Otherwise, I'd say that hacking someone else's bank credentials just in order to scam a translator (again, now exactly?) should be kind of... more difficult and less likely than other types of scam, right?
The overpayment scam has a very clear and direct goal and the same obviously goes for the "simple" non-payment scam, but... using someone else's bank account to "buy a translation"? That doesn't make much sense to me.
As for the notion of only providing your bank details with an invoice... what's the difference? How does that make it any safer? Imagine the scammer receives your wonderfully crafted invoice with your bank details on it... So what? How does that make a difference compared to just providing the details before, in order to, say, receive an advance payment, or the entire payment immediately before issuing the invoice?(*)
(*) In some countries (like Italy, AFAIK), issuing and registering an invoice equates to becoming liable for taxes and social contributions on the invoiced amount and several businesses only issue an invoice AFTER payment.
[Edited at 2018-12-01 16:11 GMT]
| | | | | Article 80 is not about fraud | Dec 1, 2018 |
Article 80 concerns the normal case where an account holder legitimately issues a payment order, in which case the payer cannot revoke the order. So if a known outsourcer pays your invoice, for example, they cannot take the money back.
In the case of an unauthorised payment, there is no legitimate payment order. It is an entirely different case.
Nobody here is spreading paranoia. Warning colleagues against possible fraud and pointing out that beliefs about payment secur... See more Article 80 concerns the normal case where an account holder legitimately issues a payment order, in which case the payer cannot revoke the order. So if a known outsourcer pays your invoice, for example, they cannot take the money back.
In the case of an unauthorised payment, there is no legitimate payment order. It is an entirely different case.
Nobody here is spreading paranoia. Warning colleagues against possible fraud and pointing out that beliefs about payment security may not be based on legal provisions has nothing to do with spreading paranoia.
Having been scammed via PayPal myself, I know how unpleasant it is to be scammed, but some people will only understand it when it happens to themselves. If some people do not want to take precautions, it's their choice, but that should not prevent anyone from warning those who do.
There is no guarantee against bank transfer fraud. Accounts and bank systems can be hacked. Passwords can be stolen. During the TSB IT meltdown in the UK, accounts were hacked: https://www.bbc.co.uk/news/business-44385710 , for example. Account holders who lost money to fraud will be refunded, but there is no guarantee that anyone paid fraudulently will keep the money, unless someone is aware of a legal guarantee that they will.
Scams do happen in reality. It's only a search away to find out about them.
If you don't know who the client and their business are, or if there is any business at all, it can be risky to do business with them. I have no problem giving bank account details to well-reputed clients. ▲ Collapse
| | | | | Always the same pointless discussion | Dec 1, 2018 |
Thomas T. Frost wrote:
Scams do happen in reality. It's only a search away to find out about them.
OK, so find me a single case of an advance payment scam or any scam involving recall of an already made payment, involving a bank transfer and done only using the person's payment details. Until you do, I call your speculating spreading paranoia.
And just to remind you, we're answering here a specific question posed by Christine. We're not talking about general safety of various payment methods and financial institutions. Everybody knows that databases can be hacked and that PayPal is far from safe for sellers. But to hack a banking system you don't need to write to each of the future victims asking for their payment details.
All of this has already been said in the thread Walter linked to.
That being said, I think Christine's email IS a scam. Not because it asks for payment details but because it asks for it out of the blue and is just generally weird. Simply answering it with real payment details won't put her in any trouble though. Which doesn't mean she should do it - even if the client was legit, they don't need her payment details before she sends an invoice - as has already been said. This would also be a sensible answer to it, if one insists on answering.
But it'd also be useful to know who the sender was. My guess is, it's a nobody with no online record and with highly suspicious address ([email protected]). Am I right, Christine? (If I am, you can publish the details here.)
UPDATE:
I take back this sentence:
"Simply answering it with real payment details won't put her in any trouble though."
Being sent a large amount of money by this individual and asked to send it back (which is what's going on here) is quite a trouble, even though you don't lose money yourself. See here: https://www.proz.com/forum/scams/330580-does_this_sound_like_a_legitimate_inquiry.html
[Edited at 2018-12-02 15:59 GMT]
| | | | | Money laundering | Dec 1, 2018 |
Katarzyna Slowikova wrote:
OK, so find me a single case of an advance payment scam or any scam involving recall of an already made payment, involving a bank transfer and done only using the person's payment details. Until you do, I call your speculating spreading paranoia.
There is no need for personal attacks to debate this. When you participate in a forum, you need to accept that people have different views and opinions without accusing them of paranoia or other things.
As I have already said, one risk is money laundering, as it is also described here: https://www.fca.org.uk/consumers/money-transfer-scams . You don't necessarily lose money, but you could end up being prosecuted, fined or imprisoned (in the worst case – unlikely, but it depends on the jurisdiction) if you accept money from people you don't know and return them through other channels. You could end up with a criminal record if you cannot demonstrate that you have exercised due diligence. Possible consequences: you may be unable to get a bank account, credit card, mortgage, consumer loan or other financial services, or you may be turned down for a job.
Katarzyna Slowikova wrote: That being said, I think Christine's email IS a scam. Not because it asks for payment details but because it asks for it out of the blue and is just generally weird. But it'd also be useful to know who the sender was. My guess is, it's a nobody with no online record and with highly suspicious address ( [email protected]).
Exactly. That's why I'm warning against it. As I have said: due diligence. Know your client. Almost any system can be abused to commit fraud. When we don't know that the request is from a legitimate company, it is wise to be careful. We cannot know all the possible scams in advance.
| | |
|
|
|
Kaspars Melkis 
United Kingdom
Local time: 14:35
English to Latvian
+ ...
| It is very simple | Dec 1, 2018 |
Mirko Mainardi wrote:
Ok guys... but my point was: what is the specific risk directly related to providing you bank details (leaving aside all other possible types of scams)? What is the specific "scam routine" that uses bank details?
Some countries (UK, USA) still use cheques and one only needs a sort code (or routing number in the US) and account number to create a counterfeit cheque. Of course, the victim and the bank will quickly realize the fraud and reverse the transaction but that's why the scammer will ask another victim to quickly wire the extra money to his personal account.
You can imagine it works like that: the scammer asks for bank details from Translator 1 and then based on that information prints out a counterfeit cheque that is sent to the Translator 2. Translator 2 then deposits the cheque and wires part of it to the scammer. Now both Translator 1 and 2 have lost money.
| | | | Liviu-Lee Roth
United States
Local time: 09:35
Romanian to English
+ ...
| it is easy to hack your account | Dec 1, 2018 |
Mirko Mainardi wrote:
OK, so I read dozens of posts where people say not to provide bank details... but my question is: how would that scam work, exactly? I mean, if you provide your bank details in order to receive a wire transfer, how can you get scammed?
Having your name and all the bank info (routing and account numbers) a good hacker can use a „brute force attack” and get your password. Then, he can either empty your account or block it, change your password and ask you for ransomware in order to let you have access again.
I translate this type of things on an almost daily basis for the US law enforcement.
It is better to be safe. Do not provide your personal info to people or agencies you don't know.
Lee
| | | | | Reports by people scammed this way? | Dec 2, 2018 |
Sometimes you (unfortunately) read posts here by people who have been scammed one way or the other, but so far I've never read one involving bank details...
Kaspars Melkis wrote:
Some countries (UK, USA) still use cheques and one only needs a sort code (or routing number in the US) and account number to create a counterfeit cheque. Of course, the victim and the bank will quickly realize the fraud and reverse the transaction but that's why the scammer will ask another victim to quickly wire the extra money to his personal account.
You can imagine it works like that: the scammer asks for bank details from Translator 1 and then based on that information prints out a counterfeit cheque that is sent to the Translator 2. Translator 2 then deposits the cheque and wires part of it to the scammer. Now both Translator 1 and 2 have lost money.
Based on your example above, how can both translators lose their money? Either the sum is transferred from 1 to 2, and stays in 2's bank account, so it's only Translator 1 who loses their money, or the unauthorized transfer is reversed and it's only Translator 2 who loses the "difference" they wired back to the scammer. At any rate, if it was so easy to get money out of bank accounts, then bank details would be guarded as heavily as our own personal credentials for online banking, which would basically make them useless, as no one else but us should ever know them... Here in Italy (but I guess all of Europe...) IBANs are no state secret, so much so that you can get one by simply putting something in the cart of an online shop, choose wire transfer as payment method, and voila, there you have it... Those companies would go bankrupt in a matter of days if any scammer could just create fake cheques at will to get money out of their bank accounts...
Liviu-Lee Roth wrote:
Having your name and all the bank info (routing and account numbers) a good hacker can use a „brute force attack” and get your password. Then, he can either empty your account or block it, change your password and ask you for ransomware in order to let you have access again.
AFAIK an hacker doesn't need bank details to hack an online banking account... What they need is the password AND the username, plus possibly to verify the login with a two-step verification (e.g. code sent via text message to the user's cellphone; code generated by a card reader using the debit card tied to that account; etc.) and do the same for every single operation.
As for brute force attacks, I'm not sure it's actually so easy, as that would mean trying an astronomical number of combinations (if you have an half-decent password, that is) to get access, and your bank would block access to your online account after a few failed attempts...
And besides, as I was saying above, even if the hacker DID somehow get the right password, they would still need the username that goes with it...
At any rate, even if one could get scammed so easily by providing their bank details, all they would need to do is get a bank account used ONLY to receive payments and then transfer those sums to their main account(s). The account would basically be always empty and therefore impossible to use to make unauthorized payments...
| | | | Liviu-Lee Roth
United States
Local time: 09:35
Romanian to English
+ ...
| without going into details | Dec 2, 2018 |
Having your name and all the bank info (routing and account numbers) a good hacker can use a „brute force attack” and get your password. Then, he can either empty your account or block it, change your password and ask you for ransomware in order to let you have access again.[/quote]
AFAIK an hacker doesn't need bank details to hack an online banking account... What they need is the password AND the username, plus possibly to verify the login with a two-step verification (e.g. co... See more Having your name and all the bank info (routing and account numbers) a good hacker can use a „brute force attack” and get your password. Then, he can either empty your account or block it, change your password and ask you for ransomware in order to let you have access again.[/quote]
AFAIK an hacker doesn't need bank details to hack an online banking account... What they need is the password AND the username, plus possibly to verify the login with a two-step verification (e.g. code sent via text message to the user's cellphone; code generated by a card reader using the debit card tied to that account; etc.) and do the same for every single operation.
As for brute force attacks, I'm not sure it's actually so easy, as that would mean trying an astronomical number of combinations (if you have an half-decent password, that is) to get access, and your bank would block access to your online account after a few failed attempts...
And besides, as I was saying above, even if the hacker DID somehow get the right password, they would still need the username that goes with it...
At any rate, even if one could get scammed so easily by providing their bank details, all they would need to do is get a bank account used ONLY to receive payments and then transfer those sums to their main account(s). The account would basically be always empty and therefore impossible to use to make unauthorized payments... [/quote]
As I mentioned in the previous post, it is not that difficult to hack, otherwise, I would be out of work ▲ Collapse
| | |
|
|
|
Kaspars Melkis
United Kingdom
Local time: 14:35
English to Latvian
+ ...
| countries are different | Dec 2, 2018 |
Mirko Mainardi wrote:
At any rate, if it was so easy to get money out of bank accounts, then bank details would be guarded as heavily as our own personal credentials for online banking, which would basically make them useless, as no one else but us should ever know them... Here in Italy (but I guess all of Europe...) IBANs are no state secret, so much so that you can get one by simply putting something in the cart of an online shop, choose wire transfer as payment method, and voila, there you have it... Those companies would go bankrupt in a matter of days if any scammer could just create fake cheques at will to get money out of their bank accounts…
Yes, in many EU countries IBAN account numbers is something you put on your website or print on company's letterhead. Not in the UK, we only give them to people we can trust. Of course, business accounts can be more sophisticated, some can be only deposit accounts and not allowing cheque withdrawals and so on. I am just giving you a general idea how the scam works.
But cheques also work to some extent because there are measures in place to control the fraud and generally it shows that these countries have higher trust. Do you know about SEPA direct debit? It is the same system where you give a merchant your account number and they pull the money out of your account. It is now implemented in some EU countries but not in others. A bank clerk in Latvia, I talked one day, couldn't even believe that such thing existed because according to her, it would be immediately abused. It shows how different are perceptions of what you can trust among different EU countries. Whereas I was naively thinking that SEPA means that all eurozone countries have fully harmonized their banking services.
You can read more about direct debit, including SEPA direct debit here: https://en.wikipedia.org/wiki/Direct_debit
| | | | Kaspars Melkis
United Kingdom
Local time: 14:35
English to Latvian
+ ...
| Mirko, you will love this quote from wiki :) | Dec 2, 2018 |
On 7 January 2008, Jeremy Clarkson found himself the subject of direct debit fraud after publishing his bank account and sort code details in his column in The Sun to make the point that public concern over the 2007 UK child benefit data scandal was unnecessary. He wrote, "All you'll be able to do with them is put money into my account. Not take it out. Honestly, I've never known such a palaver about nothing". Someone then used these details to set up a £500 direct debit to the charity Diabetes UK. In his next Sunday Times column, Clarkson wrote, "I was wrong and I have been punished for my mistake."[21]
| | | | | Direct Debit is super-easy to revoke | Dec 2, 2018 |
Direct Debit is no problem. At least in the SEPA area, direct debits can be easily refused by the account holder within two or three months. With my online bank account, this just needs a click of a button. So all you need to do to be safe from direct debit fraud is look into your account once a month, check the debits made to your account, and revoke them if needed. I assume that every account holder does do that anyway.
Money laundering schemes can only work if the victim cooperat... See more Direct Debit is no problem. At least in the SEPA area, direct debits can be easily refused by the account holder within two or three months. With my online bank account, this just needs a click of a button. So all you need to do to be safe from direct debit fraud is look into your account once a month, check the debits made to your account, and revoke them if needed. I assume that every account holder does do that anyway.
Money laundering schemes can only work if the victim cooperates, by forwarding the money to the fraudster (typically using an anonymous payment method like Western Union or Bitcoin or Paysafecard or the like). If the victim does not cooperate, the fraudster cannot do anything; possessing the bank details of the intended victim gains them nothing.
For hacking the account, the bank details are quite useless. You do not enter your IBAN into an online bank page in order to log into your account. So the IBAN will be of no use to anyone who tries to hack bank accounts. And brute force attacks might have worked in the 90s, but not today. They would require that your bank allows unlimited false logins and has no delays between login attempts.
The main methods fraudsters gain access to bank accounts are phishing (luring people into entering their account credentials somewhere or into outright telling them), and data theft at banks or payment providers, mostly by insiders.
Most companies in Europe publish their bank details on their letterheads and their websites, because it is risk-free to do so. ▲ Collapse
| | | | | Money laundering | Dec 2, 2018 |
Kay-Viktor Stegemann wrote:
Money laundering schemes can only work if the victim cooperates, by forwarding the money to the fraudster (typically using an anonymous payment method like Western Union or Bitcoin or Paysafecard or the like). If the victim does not cooperate, the fraudster cannot do anything; possessing the bank details of the intended victim gains them nothing.
Indeed. So the money launderer could pretend to be buying a service for a large amount and then, a few days after paying the money, invent a reason to cancel the project and ask for a refund, pretending there is an unforeseen problem with the original bank account and therefore asking for the money to be returned through another channel. The unsuspecting service provider would not realise they had taken part in money laundering. Money laundering does take place in real life, for example to make it difficult for authorities to trace where ill-gotten gains of all sorts ended up.
If the translator is paid from a hacked account and then refunds the money through another channel, then of course there is a risk that the original amount credited could be returned. This is not a risk with a legitimate client you know, only if you are taking money from an unknown person. In the UK, many people have lost a lot of money by being tricked into sending down payments into the account of fraudsters who have managed to hack into email conversations and send emails with notices about changed bank accounts (UK banks don't verify if the account holder name of the payee is what you thought). Not much of this money is recovered. Where does it go? If a supplier were to be paid from such an account with stolen money, is the supplier then guaranteed to keep it? I don't know. I prefer not to get involved in anything that could be related to this murky underworld.
Handing over the account number alone does not in itself seem to be much of a risk. It is what comes next that can be if you don't know it's a legitimate client. My argumentation is that if the 'client' is some dodgy '123abc' Gmail address that cannot be associated with a legitimate and verifiable entity, then they are most likely up to no good, and no matter what they ask for, they are best ignored.
And Kay-Viktor Stegemann is right that the SEPA Direct Debit scheme does not pose any risk for anyone who keeps an eye on their bank accounts. It is extremely simple to be refunded, also from someone who does have an authorisation in case you don't agree with the amount debited.
| | |
|
|
|
Adam Warren
France
Local time: 15:35
Member (2005)
French to English
| Adding a point to my previous post | Dec 2, 2018 |
As noted by others, it is important to ask the sender for full identifying detals: name, position, address and phone number to begin with.
Kind regards,
AHW
| | | | | It's an attempt at money laundering | Dec 2, 2018 |
I have only now read the latest messages in the thread Walter linked to: https://www.proz.com/forum/scams/330580-does_this_sound_like_a_legitimate_inquiry-page2.html
The email copied there (later in the thread, not the 1st message) has very similar wording and is no doubt the same attempt as the one received by Christine.
I ... See more I have only now read the latest messages in the thread Walter linked to: https://www.proz.com/forum/scams/330580-does_this_sound_like_a_legitimate_inquiry-page2.html
The email copied there (later in the thread, not the 1st message) has very similar wording and is no doubt the same attempt as the one received by Christine.
I would recommend everybody here to click on it and read what it actually was - money laundering.
While it's obviously true that it requires the victim's cooperation (sending the money back), I'd still get slightly nervous, if a large sum of money landed on my account from an obvious scammer...
So yes, I correct my previous stance: providing your invoicing details to suspicious people can land you in trouble in that you have to waste your tome going to your bank, police and who know where else to explain that you're not part of a criminal network. ▲ Collapse
| | | |
Thank you for everyone's comments and replies. They have all been very informative. I asked the client for a picture of a business card or some form of ID, and she sent me her address SSN (not the actual card), and proceeded to say "I hope my details are safe with you."
After reading everyone's posts, I have decided not to give my details to this person. They're too fishy and I have a gut feeling this wouldn't end well. They are supposed to pay me $1500, a very large sum and ... See more Thank you for everyone's comments and replies. They have all been very informative. I asked the client for a picture of a business card or some form of ID, and she sent me her address SSN (not the actual card), and proceeded to say "I hope my details are safe with you."
After reading everyone's posts, I have decided not to give my details to this person. They're too fishy and I have a gut feeling this wouldn't end well. They are supposed to pay me $1500, a very large sum and I don't see how a client would want to pay all that money upfront after I told them they could pay in installments in the first place. ▲ Collapse
| | | | | Pages in topic: < [1 2 3] > | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » Is this client legit or shady? Not sure if I should give my bank info out to them | CafeTran Espresso | You've never met a CAT tool this clever!
Translate faster & easier, using a sophisticated CAT tool built by a translator / developer.
Accept jobs from clients who use Trados, MemoQ, Wordfast & major CAT tools.
Download and start using CafeTran Espresso -- for free
Buy now! » |
| | Anycount & Translation Office 3000 | Translation Office 3000
Translation Office 3000 is an advanced accounting tool for freelance translators and small agencies. TO3000 easily and seamlessly integrates with the business life of professional freelance translators.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
Translation news
