• Dr. Florian Meckre

Careful, hacker.

Cybercrime doesn't stop at the art trade either. Florian Mercker, private-wealth art expert, explains the methods used by criminals and how collectors and gallery owners can protect themselves.

If you thought that the art trade was one of the last niches of beauty and good, you may be wrong. Now it happened here, too: Cybercrime - the attack on assets over the Internet.

According to the latest research of the recognized industry journal "The Art Newspaper" hackers have stolen large amounts of money of up to one million British pounds from at least nine galleries and their customers by very simple e-mail fraud. It has affected both the big names and smaller art dealers. Unter is, for example, Hauser & Wirth with branches in Zurich, London, New York and Los Angeles, one of the ten big players in the international market. What has now become known, however, is probably only the tip of the iceberg. In the opinion of recognised insurance brokers, the number of unreported cases is much higher.

What's happening? Actually, it's pretty simple. The fraudsters hack into an e-mail account of the art dealer and read all his correspondence for a while. As soon as the gallery then sends an e-mail invoice - usually as a PDF file - the hackers switch themselves into the e-mail traffic. After the receipt of the invoice created by the gallery, the customer receives another deceptively real mail. In it he is told not to pay attention to the first invoice and to follow the second payment order instead. This goes directly to the account indicated by the hacker. Once received, the amount will be moved immediately - goodbye.

The scammers start wherever large sums of money are transferred between the parties involved. To do this, they do not even have to interfere with the partners' usually well-protected online banking. The deceived customer himself acts as a helpful tool.

The high-priced, international business favors such criminal acts immensely. Between New York, London, Zurich and Hong Kong, a large number of von Kunstkäufen's are handled online and by e-mail. It won't help gallery owners if you set the Know Your Customer Rule as your default. They may know the customer from one of the international trade fairs such as Art Basel Miami Beach, Tefaf or Frieze, perhaps for years. But even if the customer remains the same, the money orders take an unplanned turn. The fraud even goes so far that the collector's receipt of payment is confirmed with a fake e-mail.

This is fatal not only for galleries and their collectors. The scam also affects the artists themselves, who, according to the practices of the art trade, generally receive at least half of the amount collected by their gallery - or not in cases of fraud.

A reimbursement of the damage is hardly possible without appropriate insurance cover. Who should be liable? The bank? Hardly, because this one followed exactly the specifications of the deceived customer. What is piquant, however, is that the deceived collector has a good legal chance of receiving the work of art anyway. The black Peter then lies with the gallery owner - a thoroughly uncomfortable position that has already broken the neck of some market participants.

Even insurance often does not help. If the customer - and not the gallery - has been deceived, the insurance usually does not pay. And even if it is, the amount of damages is usually capped.

Protecting yourself from hackers at 100 Prozent is difficult. But I always advise five precautions. Change your passwords regularly. Keep your antivirus programs up to date. Always use encryption software for important documents. Use two-factor authentication - insist on phone call, SMS, WhatsApp or similar to confirm billing and payment information. And train your employees regularly in correct Internet behavior: do not open spam mails, do not select insecure sites, only trustworthy downloads!