SMEs must watch for increased risk of Covid-19 supplier and invoice scams this Easter in light of Europol warning
FraudSMART outlines advice for businesses on how to identify and avoid Covid-19 related invoice frauds and scams
Friday 10th April 2020 – FraudSMART, the fraud awareness initiative led by Banking & Payments Federation Ireland (BPFI), is alerting Irish SMEs to the increased risk of Covid-19 invoice related scams following serious warnings from Eurpol about fraudulent new supplier websites and domain names coming online. As more and more businesses move online during the current crisis, and accounts personnel work in isolation from home, Irish SMEs are being advised on how best to protect their business and accounts through a new FraudSMART advice which outlines how businesses can identify and protect themselves from these scams.
Highlighting the current dangers for businesses, Brian Hayes, CEO BPFI, who promotes the FraudSMART programme said: “We know that due to the current crisis many legitimate businesses are now moving online having been required to close their physical shops and outlets. We also know from the EU’s law enforcement agency, Europol and it’s operational partners, that there has been a sudden upsurge in the number of new website addresses or ‘domains’ being registered and worryingly over half of those domains which contain the word ‘Covid-19’ have been created for criminal purposes. The fake domains are fronted by bogus and malicious websites established by fake suppliers and vendors who are taking orders for goods and issuing invoices which unwitting and legitimate businesses are paying for, but the goods never arrive.”
“In addition, we also anticipate an increase in a very sophisticated scam known as invoice redirection in which a business is approached by somebody pretending to represent one of their existing suppliers or creditors and told that bank account details for the payment of future invoices should be changed or made to a different account. The request may look authentic, it may appear to be authentic, but on close examination it is a scam. If the request is acted upon, the next legitimate payment will be made directly to the fraudster’s account”.
“In what is an already extraordinarily challenging time for businesses right now, we are advising all companies to be extra cautious when sourcing or purchasing products from new and untested suppliers and to verify in person any requests related to changing bank account details. FraudSMART has put together key advice on what businesses should look out for in relation to these scams and what measures they can take to avoid them. We would urge all businesses to familiarise themselves with these as soon as possible in order to protect their business and its finances. Finally, we would advise that businesses immediately report any suspicious activity to their bank and their local garda station.”
Top advice on fake supplier invoice scams
- Only order goods from an authentic/legitimate source – do not to click on promotional links in emails, instead use your browser to find your desired supplier and check their official website.
- Thoroughly research any new supplier no matter how big or small your order might be. Check out whether their website has been reviewed online across different trusted sources which aggregate customer reviews.
- Beware of lookalike domain spelling errors in emails and websites addressed.
- Check invoices thoroughly for any irregularities including misspellings and grammatical errors.
- Never issue payment instructions on foot of an email alone. Make additional contact via telephone.
- If you don’t know the company or supplier and the offer is too good to be true, it’s definitely a scam.
Key advice on invoice redirection scams
- Verify all requests purporting to be from your creditors, especially if they are asking you to change their bank details for future invoices.
- Do this by phoning a known contact – do not to use the contact details on the letter/email requesting the change. Look up the number independently.
- If possible set up designated Single Points of Contact with companies to whom you make regular payments.
- Instruct staff responsible for paying invoices to always check them for any irregularities.
- When an invoice is paid send an email to the recipient informing them that payment has been made and to which bank account. Be mindful of account security and consider including the beneficiary bank name and the last four digits of the account to ensure security.
- Fraudsters often look for information regarding contracts and suppliers on an organisation’s own website. Consider whether it is necessary to publish information of this type in the public domain and ensure your staff limit what they share about the company on their social media.
Further information on Covid-19 and other fraud types can be found on the FraudSMART website www.fraudSMART.ie
Contact: Olivia Buckley, BPFI, 087 629 8113 or firstname.lastname@example.org
About FraudSMART: FraudSMART is a fraud awareness initiative developed by Banking & Payments Federation Ireland (BPFI) in conjunction with the following member banks, Allied Irish Bank plc, Bank of Ireland, KBC Bank Ireland, PermanentTSB, Ulster Bank, An Post Money and Barclays. The programme aims to raise consumer and business awareness of the latest financial fraud activity and trends and provide simple and impartial advice on how best they can protect themselves and their resources. www.fraudsmart.ie
About BPFI: Banking & Payments Federation Ireland (BPFI) represents the banking, payments and fintech sector in Ireland. Together with its affiliates, the Federation of International Banks in Ireland and the Fintech & Payments Association of Ireland, BPFI has 100 member institutions and associates, including licensed domestic and foreign banks and institutions operating in the financial marketplace here.