Gardai are warning businesses of all sizes to be vigilant of a new wave of invoice fraud, sweeping the country. Invoice Redirect Fraud is a scam targeting businesses working with suppliers and who regularly perform online financial transactions. This has been widely reported in the media over this past week including The Independent, and Extra.ie
The scammers will contact your business by way of email, letter or phone call purporting to one of your legitimate suppliers. They will inform you that their bank details have changed and request that all further payments should be sent to the new bank account. Of course, the new bank details are not that of your supplier but instead are the details of an account controlled by the criminals.
Inevitably your legitimate supplier will send an invoice in the future for payment of goods or services and you will unwittingly make a payment to the criminals and not the the supplier. It may be sometime before you realise that you have fallen victim and it may only come to light when you receive a reminder from the legitimate supplier for non payment.
All employees and particularly those who deal with accounts and payments should be made aware of this scam and the steps to take to avoid falling victim. At IT.ie we suggest that a safe word or phrase should be used in all correspondence relating to financial transactions both internally and when dealing with suppliers. If this agreed word or phrase is not included in correspondence then a quick phone call to a known contact at the suppliers business address will confirm if correspondence is legitimate or not.
This is a relatively lo-tech scam and yet many businesses are falling victim every day. Employees should be encouraged to question all correspondence relating financial transactions.
I recommend reading our post on CEO Fraud, another scam that targets employees with responsibility for accounts and payments and that has cost Irish companies and public bodies millions of euro over the past year.