Case Study :
This is a case study that was undertaken by the Financial Experts at SolutionPlus who have worked into the modus operandi of the fraud committed via gullibility of the advancements made in technology.
FACTS OF THE CASE:
- A client suffered financial loss due to fraud committed by competent hacker, the modus operandi for fraud is discussed below :
P.S: The purpose of sharing this incident is to bring awareness about illegal,carelessness & erroreneous practices prevailing in international business. We have also added a few guidelines so as to assist in minimizing and preventing frauds of such nature.
Fraud Modus Operandi
- Fraudster’s hacked client’s vendor server data and email address.
- Created email address more or less identical to original email address
- For eg: The original email account was firstname.lastname@example.org and a duplicate or fake email id was created as email@example.com.
(This an example illustrating the creation & usage of pseudo email address)
- Fraudster had masked the fake email address. So whenever client received an (incoming) email or happened to double click on the listed email address, it showed up as the original email address firstname.lastname@example.org , while the reply seemed to redirected to email@example.com.
- Fraudster pursued communication with the client in order to build a long-term relationship.
- Since the vendor’s server data was already compromised, the hacker was able to provide invoice and other details as requested by client.
- Once the fraudster gained confidence of the client, he requested the client to disburse SOA payment to a new bank account.
- Surprisingly, the bank account was also opened in the vendor’s name but at an overseas location.
- The Fraudster supported this action by underlying reasons;
a) Due to change in banking regulation and stringent audit requirements, management has decided to collect funds at new bank account.
- Client acted on hacker’s request and processed payment.
- Many a times, such incidents are more prone in economies that are still developing, yet not restricted so to speak.
Guidelines to prevent frauds related to payment to a new bank account of third party.
1. It's crucial to understand that - Payment to new bank account means any payment to third party/offshore country/ different(new/foreign) bank/different bank account/different beneficiary for or on behalf of vendor or agent.
2. If payment request is directly send by the vendor to Accounts, the concerned person in Accounts Department should report any such request to concerned Sales personnel(Marketing Dept) and the Branch Head.
3. Concerned Sales personnel(Marketing Dept) or Branch head should take on the responsibility to make in-person telephonic call and get vendor’s verbal and written confirmation on payment to the new bank account.
4.Branch Head and Accounts Head should collectively review and approve such payments.
5.Accounts Head should report such requests to Management before initiating payment.
6.Accounts should take the time to review SOA and other workings and thereon release payment after verification.
7.Accounts should send payment confirmation to the vendor through new email by selecting email addresses from outlook address book/contacts.
Please Note: ANY TRANSACTION THAT INVOLVES PAYMENT CONFIRMATION, SHOULD STRICTLY ADHERE TO SPECIFIC GUIDELINES :
# Do Not Reuse Forwarding,Trailing or Previously Replied Messages as a form of communication for payment.
- Lastly, if the policies are defined at the very onset of any business venture, that any financial loss to organization due to erroreneous,carelessness or delayed payment to the vendor, will be shared collectively by concerned sales personnel, Branch Head, concerned person in accounts department and Accounts Head or partners in crime.
Inputs: Solution Plus Expert Panel
- Solution Plus Expert Panel