Hackers pose as trusted suppliers to business firms
A new internet fraud has scammed thousands of euro from Irish business, gardaí have warned.
The latest online swindle is known as "invoice redirect fraud" or "CEO fraud". Gardaí say sums of €200,000 and €500,000 have been swindled out of Irish firms, by hacking of trusted email addresses.
The fraudster imitates trusted company staff and gets large sums transferred into bogus accounts. In other cases, emails are sent, purporting to be from trusted suppliers. They pose as a supplier that has altered its bank account details.
An Garda Síochána has issued a warning that all requests to change bank account details should be treated with extreme caution.
Legitimate supplier
These fraudulent emails contain a request to change the bank account details that the business has for a legitimate supplier, to bank accounts controlled by the criminals. These requests can also come by way of letter or phone call.
In many instances, the business does not know it is a victim of this crime until sometime later when the legitimate supplier sends a reminder invoice for payment
Gardai have said:
- Trust no email full stop. Incoming and outgoing mails can be blocked or redirected. Assume all emails incoming and outgoing in your company are being read by fraudsters,
- Those responsible for payments are a special target for Hackers and their email history is being monitored,
- Check all incoming email addresses that they are correct and coming from a trusted source, it’s important also to check other emails addresses copied on the mail chain, in order to check that they are also genuine,
- The hackers block others on the e-mail chain and isolate the individual making the payment – thus removing any other stakeholder from questioning the payment process,
- Simple changes such as swopping, adding or deleting letters in a mail address are commonly used to fool you into thinking it’s coming from a genuine source,
- Change Requests are a ‘red letter warning’. Be especially vigilant for any requested changes of bank payment details, for example, amounts to be paid, account number, name of bank,
- Always pick up the phone to your supplier/vendor to verbally confirm the change request details.
Detective Chief Superintendent Pat Lordan, of the Garda National Economic Crime Bureau, had the following advice for business “Victims of invoice redirect fraud range from very small businesses to large companies and the consequences of falling for a scam of this nature can be catastrophic and result in the closure of businesses and redundancies.
Invoicing company
“If you are not sure pick up the phone and speak to someone in the invoicing company.”
Irish organisations caught out in such scams include Trinity College Dublin, which was hit for almost €800,000 in 2017.
"Victims of invoice redirect fraud range from very small businesses to large companies and the consequences of falling for a scam of this nature can be catastrophic," said DCS Lordan.