Art galleries targeted by cyber-thieves
- Published
Cyber-criminals appear to be targeting art galleries and dealers with an email scam that has already fooled some organisations.
The attackers broke into art dealer email accounts and sent buyers duplicated invoices with the bank account details changed.
Several galleries in London and the US that had been affected were identified by the Art Newspaper., external
Art dealer groups have warned people to be vigilant.
The scammers monitored outgoing messages from art gallery email accounts, then intercepted invoices and changed them.
The Rosenfeld Porcini gallery in London was one of the organisations that fell victim to the scam after agreeing the sale of an artwork.
"Around seven or eight hours after we had sent our invoice, the buyers got another email saying that the invoice we had sent out was in the wrong currency and that they should make payment to a different account," Mr Rosenfeld told the Art Newspaper.
The gallery is in discussions with the bank to try to recover the money.
Two-step verification
Another gallery told the newspaper that some dealers had been scammed out of "hundreds of thousands of pounds".
The Simon Lee gallery said it now sends cyber-fraud warnings with its invoices and speaks to clients on the telephone to confirm every transaction.
Enabling two-factor authentication - also known as two-step verification - on email accounts can also make it harder for criminals to break in.
The Society of London Art Dealers has previously warned its members about the dangers of email fraud.
"We are indeed very concerned about this problem," the Director General Christopher Battiscombe said.
"As all of us are compelled to do more and more of our business online, it seems to me inevitable that criminals will focus increasingly in this area and we all need to think about the risks involved and whether we are doing enough to protect ourselves against them."
The group said it had distributed a cyber-security presentation to its members.