BPFI publishes new guide for businesses highlighting dangers of prominent covid-19 scams

Banking & Payments Federation Ireland (BPFI) has today published, through its FraudSMART website a new guide for businesses highlighting the dangers of two major Covid-19 related scams which companies are being targeted with - fake website/fake supplier scams and invoice-redirection scams.

BPFI CEO Brian Hayes said “It is crucial that businesses heed the advice and warnings on fake website and fake supplier invoice scams. We know that Europol and its operational partners have warned that over half of new website 'domains' which contain the word Covid-19 have been created for criminal purposes and we have also heard the warnings from Detective Chief Superintendent Pat Lordan of the Garda National Economic Crime Bureau this morning.”

“In simple terms fraudsters are setting up fake websites which often mimic genuine websites and can be so convincing that it can be difficult to tell them apart. These websites take orders for goods which businesses pay for in good faith, but the money goes to the fraudster and the goods never arrive..”

“The information guide we have published today for businesses sets out the various steps organisations can take to protect themselves from fake supplier scams. BPFI, through its FraudSMART awareness initiative will be working with all relevant business groups, associations and representative bodies across Ireland to get this message out loud and clear to businesses and consumers.”

The guide, which can be found on FraudSMART’s website here also highlights a second scam known as invoice redirection in which a business is approached by somebody pretending to represent one of their existing suppliers or creditors and told that bank account details for the payment of future invoices should be changed or made to a different account. The request may not always be accompanied by an invoice, but if the request is acted on it means that any future legitimate payments will be paid directly into the fraudster’s account.

Top advice on fake supplier invoice scams

• Only order goods from an authentic/legitimate source – do not to click on promotional embedded links in emails, instead use your browser to find your desired supplier and check their official website.
• Thoroughly research any new supplier no matter how big or small your order might be. Check out whether their website has been reviewed online across different trusted sources which aggregate customer reviews.
• Beware of lookalike domain spelling errors in emails and websites addresses. Just because an email contains legitimate logos does not mean that it is genuine. Replicated letterheads are also being used.
• Check invoices thoroughly for any irregularities including misspellings and grammatical errors.
• Never issue payment instructions on foot of an email alone. Make additional contact via telephone.
• If you don’t know the company or supplier and the offer is too good to be true, it’s definitely a scam.
• Consult with your colleagues even when you are working from home.

Key advice on invoice redirection scams

• Pick up the phone to your usual contact in the company (if they are available). If not call someone else in the company to double check the invoice is actually from them.
• Verify all requests purporting to be from your creditors, especially if they are asking you to change their bank details for future invoices.
• Do this by phoning a known contact – do not to use the contact details on the letter/email requesting the change. Look up the number independently.
• If possible, set up designated Single Points of Contact with companies to whom you make regular payments.
• Instruct staff responsible for paying invoices to always check them for any irregularities.
• When an invoice is paid send an email to the recipient informing them that payment has been made and to which bank account. Be mindful of account security and consider including the beneficiary bank name and the last four digits of the account to ensure security.
• Fraudsters often look for information regarding contracts and suppliers on an organisation's own website. Consider whether it is necessary to publish information of this type in the public domain and ensure your staff limit what they share about the company on their social media.
• Consult with your colleagues and pick up the phone to them.

Further information on Covid-19 and other fraud types can be found on the FraudSMART website.

14/04/2020