Cybercrime on banking details

Avoiding Cybercrime Activity When Raising or Paying an Invoice

During my lunchtime today, I watched a television news item which covered an unfortunate concreting business that was scammed of $51,000 by cybercrime.  The scammer was able to access the concreting business’ emails.  The scammer monitored their business’ email activity then when one email contained a $51,000 invoice to a customer of the business, the scammer created their scam.  The scammer changed the payee bank account details on the invoice to redirect the customer’s electronic funds transfer (EFT) payment to the scammer’s bank account.  The money has not been recovered by the concreting business and the sophisticated operations of the scammer have made it impossible to trace the final destination of the $51,000 funds.

I have been thinking how our firm and our clients might protect against similar scamming activity.  In the case of our firm, in the event of our firm changing its banking details, we will firstly advise our clients before forwarding an invoice with the inclusion of new bank account details.

This means, if on any invoice/fee note that might be directed to you (our client) there is a change of bank details of our firm and the payment is made by EFT, unless you have previously been notified by our firm then please do not forward your payment to the bank account as shown on the invoice.  Your identification of a potential scam could occur if, when making an EFT payment to our firm, you notice that the bank account details you currently have in your EFT biller payment system do not match those on our invoice/fee note.

The lessons we could all learn from this instance of scamming via cybercrime could be:

  1. Whenever you or our firm raises an invoice, if, on the invoice a notation could be typed or pre-printed on the invoice that payment of the invoice should not be directed to a new bank account and to contact you (person or business raising the invoice) in the event of there being a variation of bank account details appearing on the invoice.  Obviously, the ability to identify a variation of bank account details could only be possible if a previous EFT payment had been made and appears as saved biller details by your customer.  Obviously, the scammer could likely remove any typed notation on the invoice but at least, it might alert the scammer that you are taking preventative action to avoid unwanted scamming.
  2. When making EFT payments to anyone to whom you have previously made an EFT payment (with EFT biller details being saved), if there is a change of bank account details appearing on the invoice/fee note, the wisdom may be to check with the payee whether bank account details have been confirmed as changed.
  3. The highly desirable maintenance of software cybercrime protection.

JOHN WRIGHT, Principal

Certified Practising Accountants
PH 9457 1666 FAX 9457 4266