In the last few years, there have been multiple reports of frauds committed by various entities towards companies and major establishments. These frauds aimed at stealing money by requesting them to transfer some due amounts to certain accounts. The latest news were published in March 2018 reporting that the football club S.S. Lazio had been duped by an online scammer, which had cost the Italian club 2 million Euros sent to unknown individuals claimed to be officials of Dutch club Feyenoord.
The final installment from Feyenoord’s sale of Dutch defender Stefan de Vrij to S.S. Lazio in 2014 was due to the parent club by the end of the season in May of this year. Lazio has transferred 2 million Euros to the account, but were surprised by Feyenoord officials’ assertion that the Dutch club had not received any funds. They also denied their knowledge of the email that had reached S.S. Lazio via the fake email address.
Another incident took place in October 2015, when the “Indian Express” newspaper reported that an India’s Oil and Natural Gas Company had lost around 1.970 billion rupees in one of biggest online frauds in Mumbai.
The report mentioned that the loss was caused by spoofing the e-mail of the Indian company, with minor modifications, used to persuade Saudi ARAMCO to transfer funds to the fraudsters account instead of the legitimate banking account of the Indian company.
Fraudsters said they depended on the Saudi company not noticing the slight change in the Indian company’s e-mail address.
The above represents recent cases of fraud targeted particular personnel in companies to transfer funds to fake accounts. Many companies have made this mistake; some have lost their money while others are still trying to recover whatever they can recover.
There is no doubt that some fraudsters are making every effort to convince the other party to transfer the due amounts to their accounts ;these efforts include forgery of official signatures, sending certified letters on the company’s letterheads, creating e-mail addresses very similar to the company with minor differences, in order to convince the other party to convert thousands, if not millions of dollars.
Therefore, we find that there are several ways used by fraudsters to deceive various parties to transfer due amounts to fake accounts where these fraudsters end up stealing these amounts and disappear, making it difficult to track them.
There are many procedures and steps to be followed by different departments in companies to avoid the occurrence of such errors, which will be discussed below:
- Verbal confirmation
Always make sure to confirm verbally with the relevant parties in your company before you make the payment. For example, confirm with the procurement department that the supplier is entitled to this payment and that his/her banking account information and communication information are correct.
- Check for changes
Try as much as possible to communicate directly by phone with the other party to confirm the payment, especially if you have a certain doubt where you are provided with a new banking account number or changed any information about the company name or location.
- Verifying unique requests
Such as when the other party sends an email asking you to transfer the amount to a bank account in an outside country, or any other not familiar requests, in this case , it is important to directly communicate with the second party to confirm such requests.
- Double checking email addresses
The most common fraud method is by fabricating e-mail addresses and manipulating them with very simple modifications that a person might not notice if he/she did not give them enough focus and double-checking. For example, email may be manipulated from email@example.com to become firstname.lastname@example.org as we can see, the change may be so simple that you did not notice it and you may communicate with the wrong person, resulting in a money transfer to non-eligible entities.
- Forward instead of Reply
If you receive any email from a second party (clients, suppliers, etc.), Forward the message and then use the addresses stored in your company’s address list to make sure you are communicating with the legitimate beneficiary to avoiding contact with wrong email addresses.
- Practice caution
Make sure that you always fully alert and focused on payments to be transferred, in particular the payments that the beneficiary is required to be completed with urgency or forced circumstances, or may act with you aggressively if you ask him/her for more information and data. Often the cause of urgency is fear by the second party of fraud detection. Always take your time and do all the means to avoid making mistakes.
- Beware of confidentiality
In the event where the beneficiary requests the payment to be confidentially processed without disclosing any information, you must communicate directly with the responsible parties in your company to confirm the request and then communicate with the beneficiary company itself by telephone for confirmation.
Many fraudulent cases of remittances were caused by negligence of the financial department staff who are responsible for making the transfers. Simple additional steps should be taken to confirm and validate that the beneficiary’s address and data were changed by making a simple telephone call with the other party and communicating with other departments in the company as further proof.
The company should also raise awareness of its employees about this type of risk by attending specialized training courses and continuously guiding staff.