SMEs and farming businesses have been warned by FraudSMART, the fraud awareness initiative led by the Banking and Payments Federation Ireland (BPFI), about the increased risk of invoice-related scams.
Fraudsters continue to take advantage of the current pandemic by targeting Irish businesses. The BPFI reported in early March that An Garda Síochána said €10.5m was lost to Irish businesses as a result of invoice fraud in 2020. In reality, this figure is likely to be much higher.
These frauds have accelerated since early last year when the BPFI first alerted Irish SMEs to the increased risk of COVID-19 invoice-related scams following serious warnings from Europol about fraudulent new supplier websites and domain names coming online.
FraudSMART states that over half of these new domains which contain the word COVID-19 have been created for criminal purposes.
How to avoid invoice redirection fraud
A Galway-based agricultural business was purchasing farm machinery and sent a deposit of €10,000 to a UK manufacturer which he had done business with before. The remainder amount was requested by email with the invoice attached outlining the bank details. The bank details were actually different to the original deposit ones but this went unnoticed. The business owner visited his bank and made the payment by electronic transfer.
An amount of €55,000 was sent but it was later discovered the payment had been made to a fraudulent account. The owner found it very difficult to get any information from the UK bank where the money was sent and when he eventually succeeded, the funds were gone. In this case, the manufacturer’s email had been hacked.
The Irish business didn’t end up at the total loss of €55,000. As they were an existing customer, the UK company took 50% responsibility. It still cost the customer €27,500 but in this case it was the best-case scenario and things do not usually end this well.
Invoice redirection fraud
According to An Garda Síochána, this type of fraud usually involves criminals contacting farm businesses or sellers by email. These are very sophisticated scams. The criminal can intercept the email, as in the previous example, or the criminal pretends to be a supplier of goods or services that you already do business with. They request that the bank account details of the legitimate company which you already hold be changed on your internal system.
The next time you receive an invoice and make a payment to this legitimate company, the payment is sent to an account controlled by the criminal instead of the supplier. This may not be discovered until a reminder email is received from the legitimate company requesting the funds again. These cases all end up in financial loss and an outstanding invoice to pay.
I am a teenage girl, I live on a sheep farm and I am currently doing home schooling and helping on the farm. I do a lot of online shopping. I make payments using PayPal, which I know is safe, but lately I notice I am receiving texts telling me my parcel is in customs and I need to send a small amount of money, such as €1, to allow my parcel to be delivered. What should I do? Ann
Ann, this is a fraud which is known as Smishing. The fraudster is looking for your bank details to commit a fraud against you. Do not reply to this text and delete it. The fraudster is trying to entice you to divulge your bank details by the small amount of €1. This type of fraud is widespread. All banks encourage their customers to report these fraud attempts to their own bank. Be sure to tell your friends about this type of scam.