What Is Invoice Redirection?
Invoice Redirection Fraud is where cyber criminals contact your organisation pretending to be one of your suppliers. Generally, this contact takes the form of a request to change or update the bank details you have on file for that supplier. The new bank details belong to the criminals. When a legitimate invoice subsequently comes in from the supplier, the organisation pays it into the criminals' account and is generally unaware that it has been defrauded, often until the supplier sends a reminder that the invoice is still unpaid.
How Invoice Redirection Occurs:
The criminals may simply make a phone call to request the change (believe us, it works!). More often, though, this type of crime follows on the back of a successful phishing attack: the bad guys have infiltrated your network, or the supplier's network, and can now pass themselves off far more convincingly, for example by sending emails from the account of someone who has the authority to request or make those changes.
For most SMEs the consequences of falling for a scam of this nature can be catastrophic and, depending on the scale of the loss, could result in the closure of the business or redundancies. Time, as they say, is of the essence: while it might be possible for a bank to reverse a transfer if it hasn't yet released the funds, in cases such as this, by the time you realise what has happened, it's generally too late. In a lot of cases, once the money is gone, it's gone. In fairness to the Gardai and their respective international colleagues, they do have a track record of recovering some of the money stolen by these scams; however, time once again plays a part, and the recovery may not happen in time to prevent a company having to close its doors. Even if you can continue to operate, added to the financial loss is the possibility that the criminals have infiltrated your network and, should that be the case, you might find yourself further targeted by a ransomware attack and/or a data breach.
Prevention Is Better Than Cure:
Unfortunately, there are no magic bullets when it comes to cyber security. There’s no button you can click that will make the world a safer place and protect you from an attack. However, there are steps you can take to mitigate the risks:
Raise awareness among staff and provide them with ongoing training on how to recognise the signs of payment fraud before it occurs. End users pose the greatest risk, so train them well and train them often.
Review existing security policies, processes, and procedures to ensure they are up to date and embrace best practice in protecting sensitive data. Implement more robust procedures around how payments are made, perhaps requiring multiple levels of approvals for large sums, or perhaps verifying a change of payment details in person.
Install a firewall. Ensure that all software (anti-virus, anti-malware, OS etc.) is updated regularly and automate the process if possible. Use an email filtering solution to detect and block fraudulent activity. Implement a SOC/EDR solution to ensure that if something does get past your external security you are monitoring all suspicious activity internally on your network and can shut it down before any damage is done.
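To make the payment-procedure and email-checking advice above concrete, here is an added example (not code from the original post) that models a supplier bank-detail change control. It encodes two defensive rules: the change is only verified by calling back the phone number already held on file for the supplier, never a number supplied in the request itself (since an attacker controls everything in the request), and it needs two approvers distinct from the staff member who logged the request. The supplier record, request, domain names and phone numbers are constructed sample data; the class and function names are this example's own.

```python
"""Supplier bank-detail change control: out-of-band verification plus dual approval.

Added example, not the post's own code. All names and values are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Supplier:
    """The record we already hold for a supplier, established before any request arrives."""
    name: str
    email_domain: str     # domain the supplier has always mailed us from
    verified_phone: str   # contact number confirmed when the supplier was onboarded
    iban: str             # account currently on file


@dataclass
class ChangeRequest:
    """A request to change a supplier's bank details, exactly as it reached us."""
    supplier: Supplier
    requester_email: str                 # address the request was sent from
    new_iban: str
    callback_phone: str                  # number the request asks us to ring
    logged_by: str                       # staff member who entered the request
    callback_done_to: Optional[str] = None   # number actually rung, if any
    approvers: List[str] = field(default_factory=list)


def request_warnings(req: ChangeRequest) -> List[str]:
    """Return reasons to treat the request as suspicious (empty list if none).

    These are the kinds of signals an email-filtering rule or a trained
    accounts clerk would look for before anything else happens.
    """
    warnings = []
    domain = req.requester_email.rsplit("@", 1)[-1].lower()
    if domain != req.supplier.email_domain.lower():
        # Look-alike or unrelated sending domain: classic sign of a spoofed request
        warnings.append(f"sender domain {domain!r} differs from domain on file")
    if req.callback_phone != req.supplier.verified_phone:
        # A request that supplies its own "verification" number is asking us to
        # verify with the attacker rather than with the supplier
        warnings.append("callback number in request differs from the number on file")
    return warnings


def change_approved(req: ChangeRequest, required_approvals: int = 2) -> bool:
    """True only if the change was verified out of band and independently approved."""
    # Verification counts only when made to the number we already held
    if req.callback_done_to != req.supplier.verified_phone:
        return False
    # The person who logged the request cannot be one of its approvers
    distinct = {a for a in req.approvers if a != req.logged_by}
    return len(distinct) >= required_approvals


if __name__ == "__main__":
    # Constructed sample: a request arriving from a look-alike domain with its own callback number
    acme = Supplier("Acme Ltd", "acme.example", "+353-1-555-0100", "IE00BANK0001")
    req = ChangeRequest(acme, "accounts@acme-example.com", "IE00NEWACCT002",
                        "+353-1-555-0199", logged_by="alice")
    for w in request_warnings(req):
        print("WARNING:", w)
    print("approved:", change_approved(req))
```

The point of the two rules is that every piece of information in the request may have come from the criminals; only what the organisation already held before the request arrived can be trusted for verification.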
Cyber-crime like this is on the increase, so cyber security must be a priority for businesses and should become a topic for discussion at senior management level. Everyone in the organisation plays a part in preventing these attacks, so be vigilant and stay safe.