Invoice fraud scam – warning to businesses

You’ve possibly heard/read the news items and wonder if this might affect your business.  The answer is yes, it can affect anyone.  Here’s how it happens:

Your organisation has trusted suppliers.  Many of those suppliers require you to pay them by electronic fund transfer – direct from your bank account to theirs.  When you first purchased from them you received their bank account details and you set them up as a payee.  Then, over time, when they’ve invoiced you, you’ve simply selected them from your list of payees and initiated an electronic fund transfer to them.

Then one day you get an email from them that includes their new bank details and that asks you to update your payee information to reflect their changed bank details.

You make the change.

Then their next invoice comes.  You pay them as normal.

Soon they come looking for a payment you think you’ve already made – the crime is revealed.

The explanation?

You’ve been the victim of a scam – it’s called Invoice Redirect Fraud.  The email you received from them requesting that you change the details you had on file for them didn’t actually come from them.  It came from a fraudster who had skilfully emulated the look, feel and even the technical origin of your supplier’s emails.

Perhaps you think this couldn’t happen to you.  Sadly, you’d be wrong.  Losses of €700,000 were reported to the Gardaí in last November alone.  And perhaps more losses were incurred than were reported.  RTE reported just yesterday that Dublin Zoo was defrauded by €500,000 last year – though thankfully some of that money has been recovered.

The problem persists.  And the authorities are taking it extremely seriously.  On Morning Ireland this week Detective Patrick Lordan said that “all employees should receive training in relation to avoiding this type of scam”.

This (invoice redirect fraud) is just one example of the known cyber-threats facing businesses.  It’s widely accepted that it’s an under-reported crime due to the difficulty in tracing the criminals and the potential embarrassment businesses feel having fallen victim.  The nature of technology and the ingenuity of fraudsters also means that more types of scams will inevitably emerge over time.

As Det. Lordan emphasised, training is critical.  The biggest deterrent to this type of crime is end-user awareness.  Your staff need to know what to look for and how they can protect your business from these threats, and others.   Awareness is key and an understanding of how our innocent behaviour can leave us exposed is crucial going forward.

BITS provide training and consultancy on the topic of cyber-crime. See more information here. To get your staff up to speed, contact us today.

See here for more information or call us on 056-7786882 to discuss next steps.

Call us on 01-5252181 to discuss next steps

Your Name (required)

Your Email (required)

Your Message