Sending a fraudulent invoice via a hacked email account is now all it takes to rack up millions from art galleries and their clients.
According to a report by
The Art Newspaper, scam victims include London-based dealers. One such dealer is Laura Bartlett, who lost proceeds of a high-value sale to hackers due to a simple message sent out using the address of the compromised account.
“Ignore my previous invoice. I sent you old bank details; please use this invoice instead.” The report said this was the message received by Bartlett’s client shortly after she sent an invoice, with the buyer falling prey to the fake follow-up email.
Other identified targets were Hauser & Wirth, Simon Lee, Thomas Dane, Rosenfeld Porcini, and Expo Chicago president Tony Karman. In Expo Chicago’s case, the unauthorised payment was averted.
“We have a good system, but someone got in and sent an email to our accountant from my email address with an invoice and a message that said ‘please pay this immediately’,” the report quoted Karman as saying. “Fortunately, our accountant checked the invoice with me and I told him ‘I didn’t send it; it wasn’t me’. We immediately put extra security measures in place.”
For Bartlett, the cyberattack led to her gallery’s closure. “I didn’t have the financial security to weather this kind of scenario,” she said.
“We know a number of galleries that have been affected,” noted art insurance broker Adam Prideaux. “The sums lost by them or their clients range from £10,000 to £1 million.”
The Hallett Independent broker added: “I suspect the problem is a lot worse than we imagine.”
Related stories:
SMEs are targets of cyber breach - Chubb
Brokers – teach your clients how to spot a phishing email