June 23, 2016 – The Office of National Drug and Money Laundering Control Policy (ONDCP) is warning Antiguan businesses to be aware of a scam that re-directs payments for invoices submitted by email.
The ONDCP has received reports from local businesses that their customer invoices have been intercepted and emailed to their clients with substituted bank account information allowing the funds to be directed into accounts set up by the fraudsters. It would appear that businesses affected have had their computers or email accounts hacked, enabling the interception to occur and the fake invoices to be sent in place of the real ones. Usually, the fraud is not detected until the customer is alerted by complaints from suppliers that payments were not received.
THE SCAM
• Scammers hack into vendor’s/supplier’s email accounts and obtain information such as customer lists, bank details and previous invoices.
• The hacker, purporting to be your supplier, sends an invoice to your business and requests a change to usual billing arrangements and asks you to transfer money to a different account, usually by wire transfer.
• The email may look to be from a genuine supplier and often copies a business’s logo and message format. It may also contain links to websites that are convincing fakes of the real company’s homepage or links to the real homepage itself.
• The scam may not be detected until you receive a complaint from your legitimate supplier that they have not received payment. Protect yourself – Do’s and Don’t’s
• DO have a clearly defined process for verifying and paying accounts and invoices. • DO ensure your staff is aware of this scam and understand how it works so they can identify it, avoid it and report it.
• DO double check email addresses – scammers can create a new account which is very close to the real one; if you look closely you can usually spot the fake.
• DO use contact details that you already have on file for the business. • DO telephone your supplier business to seek verification if you think an email is suspicious.
• DO confirm any changes to the supplier’s original email address on file or changes in payment information. Calling them on known phone numbers can alert them that fraudsters may be trying to intercept the payments
• DO check your IT systems for viruses or malware – always keep your computer security up-to-date with anti-virus and anti-spyware software and a good firewall.
• DO NOT seek verification via email – you may be simply responding to the scammer’s email or scammers may have the capacity to intercept the email.
• DO NOT call any telephone number listed in the email as it may also be fake.
• DO NOT pay, give out or clarify any information about your business until you have looked into the matter further.
Businesses are urged to be on the alert for this type of fraud. The important safeguard is to establish anti-fraud measures that independently double check if a regular supplier provides different bank account details for the payment of invoices. Vendors and suppliers who send billing instructions via email are also encouraged to establish verification protocols with customers for any changes to email and payment details.
REPORT
Businesses which may be victims of this type of fraud can contact the ONDCP at 562-3255 / 562-3256.