Invoice Redirect Scam
Owing to a sharp increase of reported incidents of Invoice Redirect Fraud, we are republishing this post, originally drafted in 2018. Business owners and their staff should be extra vigilant after two companies lost over €700,000 in recent weeks to this simple but effective scam.
How does it work?
The scammers will contact your business by way of email, letter or phone call purporting to one of your legitimate suppliers. They will inform you that their bank details have changed and request that all further payments should be sent to the new bank account. Of course, the new bank details are not that of your supplier but instead are the details of an account controlled by the criminals.
Inevitably your legitimate supplier will send an invoice in the future for payment of goods or services and you will unwittingly make a payment to the criminals and not the the supplier. It may be sometime before you realise that you have fallen victim and it may only come to light when you receive a reminder from the legitimate supplier for non payment.
What should you do?
All employees and particularly those who deal with accounts and payments should be made aware of this scam and the steps to take to avoid falling victim. At IT.ie we suggest that a safe word or phrase should be used in all correspondence relating to financial transactions both internally and when dealing with suppliers. If this agreed word or phrase is not included in correspondence then a quick phone call to a known contact at the suppliers business address will confirm if correspondence is legitimate or not.
This is a relatively lo-tech scam and yet many businesses are falling victim every day. Employees should be encouraged to question all correspondence relating financial transactions.
I recommend reading our post on CEO Fraud, another scam that targets employees with responsibility for accounts and payments and that has cost Irish companies and public bodies millions of euro over the past year.
John Grennan – IT.ie