Our website uses cookies to enhance your browsing experience and to collect information about how you use this site to improve our service to you. By not accepting cookies some elements of the site, such as video, will not work. Please visit our Cookie Policy page for more information on how we use cookies.

Accept All Cookies Necessary Cookies Only Manage Cookies

Garda Warning Invoice Redirect Fraud - 18/7/18

Invoice Redirect Fraud is a crime targeting businesses working with suppliers and businesses that regularly perform online financial transactions.

In crimes of this nature, criminals send emails to businesses purporting to be one of their legitimate suppliers. These emails contain an instruction to change the bank account details that the business has for a legitimate supplier, to bank account details that ultimately benefit the criminals. These requests can also come by way of letter or phone call so caution should attach to any request of this nature.

The criminal intention is that when the legitimate supplier next sends an invoice to the company seeking payment for services rendered or goods supplied, the victim business acts on the new banking instructions and sends the payment to the criminal’s bank account where the funds are quickly transferred or withdrawn. In many instances the business does not know it is a victim of this crime until sometime later when the legitimate supplier sends a reminder invoice for payment.

Detective Chief Patrick Lordan of the Garda National Economic Crime Bureau said earlier today; "While all cases are different, we want to warn that all Irish companies big and small are being targeted on a daily basis by individuals purporting to being from their suppliers. These individuals will inform the company that their bank details have changed for payment of services so we would ask that companies only change their bank details through direct contact and not by email. The best thing to do is pick up the phone and talk to someone you know in the company”

https://www.garda.ie/en/About-Us/Our-Departments/Office-of-Corporate-Communications/Press-Releases/2015/February/Invoice-Redirection-Fraud-Alert-February-2015.html

Businesses must ensure that they have robust policies and procedures in place to deal with requests of this nature including escalating the decision making function to supervisory positions and making direct contact with a trusted known person in the suppliers organisation. In this context it is imperative that a suitable known contact person is identified before a business relationship commences with the supplier.

If a business relationship has already commenced and no such checks are in place and a request of this nature is received; independent contact should be made with the supplier to verify the contents of the email. Under no circumstances should contact details contained in the email or attachments be relied upon to verify the request whether these consist of a physical address, an email address or a phone number. In that context, all existing business relationships should be reviewed without delay and defensive policies and procedures put in place.

It is important to note that victims of Invoice Redirect Fraud range from very small businesses to large corporations and the consequences of falling for a scam of this nature can be catastrophic and can result in the closure of businesses and redundancies so all employees should receive training in relation to avoiding this type of scam.