Our website uses cookies to enhance your browsing experience and to collect information about how you use this site to improve our service to you. By not accepting cookies some elements of the site, such as video, will not work. Please visit our Cookie Policy page for more information on how we use cookies.

Accept All Cookies Necessary Cookies Only Manage Cookies

Invoice Redirect Fraud - 15/5/19

Invoice Redirect Fraud - 15/5/19  

An Garda Síochána wishes to alert the public of the continuing existence of Invoice Redirect Fraud and so called CEO Fraud and urges businesses to remind employees to treat any request to change bank account details with extreme caution. Losses amounting to over €4,400,000 have been reported to Gardaí so far in 2019.

April 2019

In April 2019, alone there have been numerous attempts in relation to this type of fraud with in excess of €2,270,000 stolen. An Garda Síochána in conjunction with Financial Institutions, Financial Intelligence Units Worldwide and Foreign Police forces, have recovered in excess of €1,280,000.

An Garda Síochána works very closely with the Financial Institutions in this regard who have intercepted many transactions of this nature however it can be difficult to recover funds once they have left the jurisdiction so prompt reporting is critical.

In crimes of this nature, criminals send emails to businesses purporting to be one of their legitimate suppliers. These emails contain a request to change the bank account details that the business has for a legitimate supplier, to bank account details that ultimately benefit the criminals. These requests can also come by way of letter or phone call so caution should attach to any request of this nature.

The criminal intention is that when the legitimate supplier next sends an invoice to the company seeking payment for services rendered or goods supplied, the victim business acts on the new banking instructions and sends the payment to the criminal’s bank account where the funds are quickly transferred or withdrawn. In many instances the business does not know it is a victim of this crime until sometime later when the legitimate supplier sends a reminder invoice for payment.

Businesses must ensure that they have robust policies and procedures in place to deal with requests of this nature including escalating the decision making function to supervisory positions and making direct contact with a trusted known person in the suppliers organisation. In this context it is imperative that a suitable known contact person is identified before a business relationship commences with the supplier.

If a business relationship has already commenced and no such checks are in place and a request of this nature is received; independent contact should be made with the supplier to verify the contents of the email. Under no circumstances should contact details contained in the email or attachments be relied upon to verify the request whether these consist of a physical address, an email address or a phone number. In that context, all existing business relationships should be reviewed without delay and defensive policies and procedures put in place.

It is important to note that victims of Invoice Redirect Fraud range from very small businesses to large corporations and the consequences of falling for a scam of this nature can be catastrophic and can result in the closure of businesses and redundancies so all employees should receive training in relation to avoiding this type of scam.
 
Detective Chief Superintendent Pat Lordan, of the Garda National Economic Crime Bureau, says ‘stop and think before you change bank account details for anyone. Ask the question, is this really the person / company you owe money to. Pick up the phone and speak to the person concerned’

NOTE: SEE EXAMPLES BELOW

Examples from April and May 2019

1 – business received an email from a customer requesting that money be transferred to a new account. The email looked like it came from the customer and the money was owed so it was transferred. This lead to 1m US Dollars being transferred to a bank account in Hong Kong. Luckily in this case, this was reported swiftly and in conjunction with the FIU in Hong Kong, An Garda Siochana was able to block the movement of this money in an account there and it has been recovered.

2 – More recently another company reports an email redirect fraud to the value of €463,244.48. An email was received posing to be supplier requesting that account details be changed for payment. Payment of above amount then made. Discovered that email was bogus. Again, due to prompt reporting, An Garda Siochana in conjunction with the financial institution was able to recover 95% of this money

3 – other examples in April 2019 had €123,000 stolen and recovered and a 4th example had €156,000 odd stolen. In both these cases, there was prompt reporting and An Garda Siochana was able to stop the money and have it recalled.

4 – another example of good practice and checks being done by companies is a very recent case where a HR manager reported that a suspect email that was received by payroll and HR department allegedly from the managing director asking to send his pay to new bank details. Staff became suspicious and contacted managing director and it was noticed that the email was bogus. Email was not sent from the managing directors official email it was sent from an email unknown to the company and the managing director. No monies transferred and no economic loss.

Photos are available on the Garda Facebook page.