Cyber crime is increasing at an alarming rate in Ireland and abroad.
Earlier this month, a warning was issued from FraudSMART, which is Ireland’s fraud awareness programme from the Banking Payment Federation Ireland (BPFI).
All SMEs and farmers should be aware of the increased risk of invoice-related scams as fraudsters continue to take advantage of the pandemic by targeting Irish businesses.
The BPFI reported that An Garda Síochána has stated that €10.5m was lost to Irish businesses as a result of invoice fraud last year.
In reality, it may be much higher as many cases are not reported.
Tom runs an agricultural business in Wexford and purchased a piece of farm machinery from a UK company for €85,000.
Normally, Tom would visit the UK manufacturer in person, but due to the pandemic all contact was through email and phone calls.
Tom was sent an email containing the invoice with the banking details, including the IBAN and BIC numbers necessary to make the payment.
He visited his bank to make the necessary money transfer to the specified bank.
Unknowingly to Tom, the manufacturer's email had been hacked and the banking details had been manipulated before Tom received the email into his inbox.
Before Tom was made aware of the problem and tried tracing back the transaction to the receiving bank, which proved very difficult, the monies were long gone.
Tom was at the loss of €85,000 and no machine.
In these cases, banks do not take responsibility, as the receiving bank details are provided by the customer.
Hence, it is vital that the customer (Tom) checks the bank details by directly contacting the company to ensure the bank details are correct before sending any money.
Always use the contact details you know and not the one on the invoice, as this may also have been manipulated.
Invoice redirection fraud has become very prevalent in farming business in particular.
The more cases that are reported and highlighted, the more it will help to prevent it from happening to others.
The six most common types of cybercrime/fraud in Ireland today are:
(1) Payment card fraud - involves the use of a card (stolen or counterfeit) to make direct purchases online or cash withdrawals.
(2) Invoice redirection fraud - this is mainly carried out via email. Attacks of this sort have become very prevalent among farming businesses.
It occurs when a farming business receives an email pretending to represent one of their existing suppliers or creditors, and gives bank account details for the payment of any future invoices.
These new banking details are different from previous bank details. This is nearly always a scam. Always make a phone call or contact the supplier directly to verify this detail.
(3) CEO fraud - this occurs where a junior employee in a business receives an email instruction from a fraudster purporting to be the chief executive officer (CEO), instructing that a particular payment needs to be processed immediately.
The employee sometimes acts on the email. This usually results in big losses, as the email can be false and the money is often long gone before detected.
(4) Email fraud known as phishing - this involves clicking on various links or attachments in emails that appear authentic but are not.
By doing this, malicious software may be downloaded on your PC or other device, allowing a fraudster to track your online activity and identify personal or financial information.
This type of cyber crime is very prevalent to individuals, farm businesses and companies.
(5) Phone fraud, known as vishing or smishing - this involves a fraudster contacting you by phone (vishing) or by text (smishing) pretending to be your bank, credit card company, utility company or a computer company.
The fraudster will try to extract personal, banking or security information from you to commit a fraud against you.
Never give your PIN number to anyone over the phone. A bank will never require this detail over the phone.
(6) Advance fee fraud - in these cases, criminals target victims to make advance or upfront payments for goods or services or financial gains that do not materialise.
Examples of such could be a potential tenant paying a fee or rent in advance for accommodation which does not exist, or romance fraud where the criminal is using a fake profile who then asks for money to visit a sick relative.
There are many other examples such as investment fraud, ticket fraud or lottery fraud. In these cases, if it appears too good to be true, it probably is. Never transfer money to a PO box number.
For more on this topic, see Irish Farmers Journal Money Mentor next week.