Fraudsters posed as art dealer, bilked museum for millions – Naked Security


“We got scammed!” said a London art dealer after business email compromise (BEC) scammers inserted themselves into a months-long conversation about the sale of a £2.4 million (USD $3.1 million) John Constable painting, spoofing their emails to make it look like the messages came from Simon C. Dickinson Ltd.

“No, we got scammed,” said the Dutch museum Rijksmuseum Twenthe, which now has the work by the 19th-century English landscape painter and whose money got whisked away by fraudsters who transferred the funds to a Hong Kong account.

According to Claims Journal, lawyers for the two organizations have pointed fingers at each other’s clients, telling a London High Court that it was the other guy’s duty to maintain email security or to independently confirm that the bank details it received were legitimate.

That’s what BEC scammers do: they spoof emails to convince a target that they’re supplying product X in order to receive payment Y, so please make sure to send payment to bank account blah-blah-blah.