The Clare Champion Clare news, sport, entertainment and local notes
WITH digital fraud continuously on the rise, Clare gardai have warned businesses to be vigilant about a particular email scam.
Business email compromise fraud, also known as invoice re-direct fraud, is where a fraudster sends an email to an individual or a business pretending to be a supplier and asks for an invoice to be paid immediately, usually to a new bank account because “they’ve changed bank”, etc.
They provide a new IBAN and BIC code for this new account and often the target does not know that it has been a victim of a crime until sometime later when the legitimate supplier sends a reminder for invoice payment.
To do this, fraudsters might send an email with a spoof email address, a ‘spear phishing’ email (an email that looks like it’s from a trusted source), or use malware to take over a legitimate business email account and send an email from that.
In most cases, the money stolen is transferred abroad; in some larger cases, data is also stolen. Another related issue is the proceeds of these crimes abroad being laundered through bank accounts in Ireland.
Unfortunately, no business is immune to this type of scam – the victims of business email compromise fraud range from very small businesses to large corporations. All employees should be aware of this fraud and receive training to avoid this type of scam.
How to avoid business email compromise fraud?
• Always be suspicious when asked to send money to a new bank account – delay the transfer while you phone the company to double-check if the bank account has changed (and ensure you’re not dealing with a fraudster)
• Any time you are asked to change bank account details on a system, check the location of the IBAN (via a Google search), check the URL and the spelling
• If employees are using personal computers/laptops to work from their homes, it is imperative their antivirus software is kept up to date.
• Businesses should have robust policies and procedures in place to deal with payment requests of this nature e.g. multiple decision-makers to approve payment or a step to contact a trusted person at the supplier to verify the request. They should also review all existing business relationships regularly and put defensive policies and procedures in place
• Remember, if caught out, ask your bank to do a recall ASAP then report the fraud to Gardaí.
