Payment Diversion Fraud involves fraudsters creating false invoices or false requests for payments, or the diversion of payments.
Below is an example of how it appears and happens in a business environment.
A UK retailer was the victim of fraud to the value of £1.1m.
The UK retailer was engaged with a third party to assist with upgrading infrastructure.
In July and August 2021, a person or persons unknown, used fictitious email addresses to trick the UK retailer’s employees into believing they were corresponding with employees from a third party.
Those perpetrating the fraud also tricked employees from the third party to believe they were corresponding with employees from the UK retailer.
Fictitious e-mail addresses were used.
Below are examples of what fake email addresses can look like:
email@example.com (retailer spelt incorrectly)
firstname.lastname@example.org (third party spelt incorrectly)
email@example.com (third party spelt incorrectly and incorrect address)
On a date in July 2021, those perpetrating the fraud used a fake retailer email address, as per the examples above, and obtained from the third party details of upcoming invoice payments, their dates and invoice reference numbers.
On the same date in July 2021, the UK retailer received a request purporting to be from the third party, but sent it instead via those perpetrating the fraud, to send payment for upcoming invoices to a new bank account overseas.
It was cited that the third party had ongoing issues with their usual bank that would not be overcome by the payment due date.
In August 2021, the UK retailer authorised the payment of £1.1m to the requested overseas bank account.
Shortly afterwards, the fraud was discovered.
This fraud contained an unusual modus operandi as both the UK retailer and third party were impersonated during the fraud.
How did this happen?
With this iteration of payment diversion fraud, when the request for payment was made it is likely to have appeared even more genuine due to the initial reconnaissance that has been performed the retailer was impersonated and the supplier was contacted. This would have allowed the fraudster to include correct details of upcoming invoice payments, dates and invoice reference numbers.
How to protect your business
Be cautious with financial transactions: Before paying invoices, check the bank details are correct, especially if advised of a change in account details. The best way to check bank details is to contact the sender through known contact details, not those advising the change (e.g. existing telephone details that you have on file).
Report Immediately: If you think you have been a victim of payment diversion fraud, act quickly, contact your bank immediately as they may be able to freeze the funds before they are moved.
Also, report the fraud to An Garda Siochana.
If you have any questions about payment diversion fraud, please do not hesitate to contact James Hyland and Company at (021) 480 6346 or email firstname.lastname@example.org