Beating the scammers
How to spot and avoid payment scams
Payment scams are on the increase. They are big business for fraudsters and businesses of all shapes and sizes are being targeted. Laytons’ Disputes Team is seeing a marked increase in clients who have fallen victim to invoice scams. All businesses need to be alert to the risks and to ensure staff (particularly accounts payable staff) receive training to combat these convincing scams.
Russell Beard, Partner, russell.beard@laytons.com, +44 (0)20 7842 8000
Beating the scammers | How to spot and avoid payment scams
What are payment scams?
Payment scams take various forms. Two forms are addressed below.

Invoice scams
Three forms of invoice scam are as follows:
• fraudsters procure information about a supplier/customer relationship and paint a convincing picture that they are the supplier when asking the customer to pay an invoice to a new account operated by the fraudsters
• fraudsters intercept a genuine invoice sent by email from a supplier and edit it to change the bank details to a new account which the fraudsters control before sending it to the customer from an email address masked to look like it originates from the supplier
• fraudsters hack a supplier’s email account and send an invoice from that account (so it looks entirely genuine) to the customer requesting payment to an account controlled by the fraudster

CEO scams
In a CEO scam:
• the fraudster sends a message (usually an email) which is dressed up to look like it comes from the CEO or someone in a senior position within your organisation
• the fraudster will request a payment (maybe not in the first email; the exchange may build to that request)
• the fraudster may place pressure on the recipient, playing on their supposedly senior position, to make the payment

How do the fraudsters do it?
Fraudsters obtain information to make credible payment requests by a number of means including:
• “vishing” (telephone call impersonating bank/supplier/client to get you to reveal confidential information)
• “phishing” (fake email which tries to get you to click on a link/attachment which may be infected with malware)
• “malware” (malicious software downloaded from phishing emails, ad banners and websites which is capable of allowing access to IT systems and feeding information back to the fraudsters)
Fraudsters can also obtain information to make credible demands from hacked email accounts.
Fraudsters often use a combination of these techniques with both the customer and supplier to get enough information to target the right individuals in those organisations and make credible payment demands.

Common themes
These scams are convincing, but can be spotted and foiled with care. Some common themes we have seen include the following:
• communications from the fraudsters are persuasive and backed up by credible ‘insider’ knowledge. For example:
  • you may receive an email which requests payment of a specific sum or invoice which you are expecting to pay
  • the call or email may come from someone using the name of a person you know in the organisation you are expecting to pay and from whom you are used to receiving such requests
  • the email may contain a genuine looking email address, logos, sign-off and even the real telephone numbers for your supplier
  • fraudsters may send the request on the letterhead paper of the organisation you are expecting to pay; the letter will often bear correct director/company secretary names and what appear to be genuine signatures and company seals
• the fraudsters will use email addresses which are not easy to spot as fakes:
  • the email address may be ‘spoofed’ so it appears on its face to be a genuine email: e.g. yoursuppliername@supplierdomain.com, but behind the ‘spoofed’ address the real address is fraudster@genericdomain.com
  • the email address may be almost identical to the email address you are used to seeing from your client/supplier, perhaps with just one letter changed: e.g. instead of yoursuppliername@ISPdomain.com, the fraudsters may use yoursuppliersname@ISPdomain.com
  • the fraudsters may create and register a new, similar sounding domain to that used by your supplier from which the email is sent: e.g. instead of yoursuppliername@supplierdomain.com, yoursuppliername@supplierdomain.co.uk or yoursuppliername@supplierdomain-com.eu
• fraudsters can disguise telephone numbers when they call and make a familiar bank/supplier/client number appear on your handset
• when fraudsters request payment to a new account, a common explanation given is that the supplier’s audit is underway and for, say, two weeks it needs to suspend its normal accounts and ask that payments are instead made to a new account
• requests we have seen provide account details which include:
  • a beneficiary name identical to or which includes the name of the supplier you expect to pay (banks do not allocate payments on the basis of account holder names – only the account numbers)
  • a beneficiary address the same as your supplier’s address
• fraudsters may follow up the initial request with emails/calls putting pressure on you to pay quickly, often backed up with convincing ‘insider’ knowledge as above
• a request may be expressed to be urgent or confidential, and the recipient may be asked to prioritise the task and not to talk about it
• a request may be timed so that it is difficult to verify the instruction (e.g. when someone who would normally authorise a payment is travelling – fraudsters can harvest out of office responses from “phishing” campaigns and impersonate absent colleagues)
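A defender-side check for the spoofed and lookalike sender addresses described above, added here as an illustration and not part of the original brochure: it compares a payment request's From and Reply-To headers against a constructed allow-list of trusted supplier addresses, flagging a one-letter change in the part before the @, a similar-sounding or different-TLD domain, and a Reply-To that diverges from the visible From (the assumption made here for how a ‘spoofed’ address shows up in practice). The trusted addresses are hypothetical values mirroring the examples in the text.

```python
import re
from email.utils import parseaddr

# Constructed allow-list of tried and trusted supplier sender addresses (hypothetical
# values mirroring the brochure's examples); in practice this comes from your vendor master file.
TRUSTED_SENDERS = {"yoursuppliername@supplierdomain.com", "yoursuppliername@ispdomain.com"}


def edit_distance(a, b):
    """Levenshtein distance: the number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_stem(domain):
    """'supplierdomain.co.uk' and 'supplierdomain-com.eu' both reduce to 'supplierdomain'."""
    return re.split(r"[.-]", domain, maxsplit=1)[0]


def check_sender(from_header, reply_to_header=""):
    """Return a set of warning codes for the sender headers of a payment request.

    An empty set means the From address is on the trusted list and any Reply-To agrees with it.
    Assumption: a 'spoofed' From address shows up as a Reply-To pointing somewhere else.
    """
    sender = parseaddr(from_header)[1].lower()
    reply_to = parseaddr(reply_to_header)[1].lower()
    warnings = set()
    if reply_to and reply_to != sender:
        warnings.add("REPLY_TO_MISMATCH")  # genuine on its face, but replies go elsewhere
    if sender in TRUSTED_SENDERS:
        return warnings
    seen_before = len(warnings)
    local, _, domain = sender.rpartition("@")
    for trusted in TRUSTED_SENDERS:
        t_local, _, t_domain = trusted.rpartition("@")
        if domain == t_domain and edit_distance(local, t_local) <= 2:
            warnings.add("LOOKALIKE_LOCAL_PART")  # e.g. one letter inserted or changed
        elif local == t_local and domain != t_domain and (
            domain_stem(domain) == domain_stem(t_domain) or edit_distance(domain, t_domain) <= 2
        ):
            warnings.add("LOOKALIKE_DOMAIN")  # e.g. .co.uk or -com.eu instead of .com
    if len(warnings) == seen_before:
        warnings.add("UNKNOWN_SENDER")  # neither trusted nor close to a trusted address
    return warnings
```

Treat any warning as the trigger for the tried-and-trusted telephone check described later, not as a verdict in itself.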
How to protect your business
You can take the following steps to help safeguard your payments:
• scrutinise requests for payments and check they derive from genuine sources
• scrutinise invoices to check for irregularities
• verify invoices with your supplier, or internal payment requests with your colleague, using tried and trusted contact details – telephone is often best if you recognise the voice of the person you are dealing with
• check account details against tried and trusted account details used previously
• all requests for payment to a new account should be checked vigorously using tried and trusted contact details
• when making checks, do not use contact details in the email/letter/fax which accompanied the invoice or request to make payment to a new account, even if they appear genuine
• consider maintaining single points of contact between your business and your suppliers
• consider dual authentication for account changes

These steps should be taken in conjunction with ensuring:
• your business operates a robust IT system and IT use policy
• staff (particularly accounts payable staff) are trained:
  • on the dangers of vishing, phishing and malware
  • to take care not to divulge information in response to unsolicited enquiries
  • not to trust an email/call just because the sender/caller has information about your business or tries to put pressure on a staff member to make a payment

What to do if you have fallen victim to a scam
We will publish a second article shortly explaining steps you should take if you suspect your business has fallen victim to a payment scam.
Disputes: Avoidance, Management & Resolution
Our specialist team is experienced in avoiding, managing and resolving claims and disputes in a variety of contexts. Our work involves the identification of legal problems and solving them by effective advice and negotiation. Where necessary we use litigation in a variety of courts and tribunals.

Our Team
John Abbott, Partner, john.abbott@laytons.com, +44 (0)20 7842 8000
Miriam Giorgioni, Registered European Lawyer, miriam.giorgioni@laytons.com, +44 (0)20 7842 8000
Geraint Thomas, Partner, geraint.thomas@laytons.com, +44 (0)20 7842 8000
Luke Arnold, Solicitor, luke.arnold@laytons.com, +44 (0)20 7842 8000
Richard Harrison, Partner, richard.harrison@laytons.com, +44 (0)20 7842 8000
Ben Thorogood, Solicitor, ben.thorogood@laytons.com, +44 (0)20 7842 8000
Russell Beard, Partner, russell.beard@laytons.com, +44 (0)20 7842 8000
Paddy Kelly, Partner, paddy.kelly@laytons.com, +44 (0)20 7842 8000
Daniel Walter, Solicitor, daniel.walter@laytons.com, +44 (0)20 7842 8000
Robert Clark, Partner, robert.clark@laytons.com, +44 (0)20 7842 8000
Nicola Khan, Solicitor, nicola.khan@laytons.com, +44 (0)20 7842 8000
Sven Clarke, Associate Partner, sven.clarke@laytons.com, +44 (0)20 7842 8000
Rebekah Parker, Associate Partner, rebekah.parker@laytons.com, +44 (0)20 7842 8000
Simon Foster, Partner, simon.foster@laytons.com, +44 (0)20 7842 8000
Will Slater, Consultant, will.slater@laytons.com, +44 (0)20 7842 8000
This information is offered on the basis that it is a general guide only and not a substitute for legal advice. We cannot accept any responsibility for any liabilities of any kind incurred in reliance on this information.
London: 2 More London Riverside, London SE1 2AP, +44 (0)20 7842 8000, london@laytons.com
Manchester: 22 St. John Street, Manchester M3 4EB, +44 (0)161 214 1600, manchester@laytons.com
Guildford: Ranger House, Walnut Tree Close, Guildford GU1 4UL, +44 (0)1483 407 000, guildford@laytons.com
www.laytons.com
© Laytons LLP which is authorised and regulated by the Solicitors Regulation Authority (SRA Nº 566807). A list of members is available for inspection at the above offices.