An Garda Síochána wishes to warn the public of the continuing existence of Invoice Redirect Fraud and to treat any request to change bank account details with extreme caution.
On the 11th August 2020, Bank of Ireland reported to the Garda National Economic Crime Bureau (GNECB) that a business customer of theirs had been the victim of an invoice re-direct fraud and had lost just over €2.1m. The Dublin based business was making a payment to a UK based business when they received an email purporting to be from this UK business asking them to send the payment to a new bank account number. The Irish business did their due diligence and contacted the number supplied in the email and the person who answered the phone confirmed that all was correct. The money was then sent to the new bank account which transpired to be in Hong Kong. It is now known that the phone number contained in the email was also incorrect and the business was actually talking to the fraudster.
On receipt of the complaint from Bank of Ireland, GNECB immediately initiated enquiries with the injured party in Dublin and with the bank in Hong Kong before seeking the assistance of the authorities in Hong Kong. Following investigations conducted by the Police in Hong Kong on behalf of GNECB, the stolen money was secured in an account there and the return of the money is being arranged.
GNECB would like to advise the public to be wary of such crimes and gives the following advice:
- Ensure that great care and attention is given each time they are asked to change bank account details.
- A phone call should be made to a representative of the company confirming that the bank account is changed and care needs to be taken to ensure that they are talking to a representation of the company and not the fraudster. Under no circumstances should contact details contained in the email or attachments be relied upon to verify the request whether these consist of a physical address, an email address or a phone number.
- Businesses must ensure that they have robust policies and procedures in place to deal with requests of this nature including escalating the decision making function to supervisory positions and making direct contact with a trusted known person in the suppliers organisation.
- All existing business relationships should be reviewed without delay and defensive policies and procedures put in place.
- When working from home be mindful when carrying out roles you would not usually do. Confer with co-workers when you are uncertain about performing a task you are unfamiliar with or is non-standard to your regular duties.
- It is also imperative that where staff are using private computers / laptop for work purposes from their homes that the antivirus softwear is kept up to date.
Detective Superintendent Michael Cryan has said on this matter –
“In many instances the business does not know it is a victim of this crime until sometime later when the legitimate supplier sends a reminder invoice for payment.
It is important to note that victims of Invoice Redirect Fraud range from very small businesses to large corporations and the consequences of falling for a scam of this nature can be catastrophic and can result in the closure of businesses and redundancies so all employees should receive training in relation to avoiding this type of scam.
In this case Gardai with the assistance of Bank of Ireland and the Police in Hong Kong were able to secure this money and ensure it did not fall into the hands of an international criminal organisations. This money was secured because Bank of Ireland acted quickly and reported the matter to Gardai as soon as they became aware of it. Early reporting is essential if there is to be any hope of retrieving the stolen money. This is an excellent example of the co-operation that exists between GNECB and the financial institutions in Ireland.”