An Garda Síochána wishes to warn the public of the continuing existence of invoice redirect fraud and CEO fraud and everyone should treat any request to change bank account details with extreme caution.
In recent weeks there has been a noticeable increase in this type of crime. Criminals have succeeded in defrauding companies for very substantial amount of money, with one company having lost over €200,000, while another lost almost $500,000. Many people and businesses have lost smaller amounts of money
In crimes of this nature, criminals send emails to businesses/individuals purporting to be one of their legitimate suppliers. These emails contain a request to change the bank account details that the business has for a legitimate supplier, to bank accounts controlled by the criminals. These requests can also come by way of letter or phone call so caution should attach to any request of this nature.
The criminal intention is that when the legitimate supplier next sends an invoice to the company seeking payment for services rendered or goods supplied, the victim business acts on the new banking instructions and sends the payment to the criminal’s bank account where the funds are quickly transferred or withdrawn. In many instances the business does not know it is a victim of this crime until sometime later when the legitimate supplier sends a reminder invoice for payment.
Here is some advices from a businessman who was recently the victim of this type of scam and lost a significant amount of money:
• Trust no email full stop. Incoming and outgoing mails can be blocked or redirected without you being aware. Assume all emails incoming and outgoing in your company are always being read by fraudsters for extended periods of time and that those responsible for payments within your company are a special target for hackers and their email history is being monitored.
• Check all incoming email addresses that they are correct and coming from a trusted source, it’s important also to check other emails addresses copied on the mail chain, in order to check that they are also genuine. The hackers by blocking others on the mail chain isolate the individual making the payment, thus removing any other stakeholder from questioning the payment process. Simple changes such as swopping, adding or deleting letters in a mail address are commonly used to fool you into thinking it’s coming from a genuine source.
• Change requests are a red letter warning. Be especially vigilant for any requested changes of bank payment details, for example, amounts to be paid, account number, name of bank etc.
• Always pick up the phone to your supplier/vendor to verbally confirm the change request details.
Detective Chief Superintendent Pat Lordan, of the Garda National Economic Crime Bureau had the following advice for businesses:
“Victims of invoice redirect fraud range from very small businesses to large companies and the consequences of falling for a scam of this nature can be catastrophic and result in the closure of businesses and redundancies. If you are not sure pick up the phone and speak to someone in the invoicing company.”