Tuesday, September 15, 2015

Change of Bank details fraud


-Adv. Rajas Pingle, Cyber Law Expert, Netlawgic Legal Services LLP.
Although not new in other countries, the “change of bank details” scam has taken Indian Companies by a storm, where large amount money is getting siphoned off from their respective bank accounts.

Modus Operandi 

The Fraudsters will hack into the email accounts of the targeted Companies and learn about the business transactions between Company A (the seller, the consignor) and Company B (the buyer, the paying company).  Later, fraudsters, impersonating to be Company A, will send fictitious emails (which are very similar to genuine emails) to Company B, claiming that the payment receiving bank account number have changed, and requesting Company B to credit the amount payable to the designated bank account (Fraudster's bank account). Once the money is transferred to the fraudster's bank account, it will be further routed to different bank accounts or will be withdrawn within very short span of time.
The Police investigation shows that its very difficult to pinpoint these fraudsters as they use advanced techniques to hide their 'Internet Protocol' addresses.

To avoid being the next victim, here are some simple precautions.

1) Get the landline numbers of the Supplier's office (even Skype accounts can be hacked) and get in touch with the respective senior management/employees of the Supplier Company.
2) Ask each supplier for their bank accounts in advance and if at all theres a change in the bank account, confirm the same over landline/phone.
3) Email accounts can be hacked we have already established that, for an extra level of safety: have invoices faxed to you, and check whether the sending fax number belongs to the Supplier’s Company.
4)A small amount of wire transfer can be done to check the authenticity of the Supplier's bank account.
5) Watch out for the give aways:
  • Often the letter will include the invitation “in order to confirm this instruction, please call me on my direct dial number xxx” – this will be an unconnected rented line or accommodation office managed by the fraudsters;
  • Similarly beware of supposedly confirmatory emails from almost identical email addresses, eg .com instead of .co.in, or, abcd@xyz1.com instead of abcd@xyz.com which has been set up by the fraudster for that purpose;
  • Does the letter or email contain any errors? – often many typos can be found.
6) The most important thing to do would be, to educate employees/staff in your Company/Organisation by inviting industry experts for trainings/informative sessions on 'Cyber Crimes & Information Technology Law' 
Disclaimer: This does not constitute a legal opinion and would not create Attorney-Client relationship. This article is only for information and awareness purpose and merely a possible interpretation of the law.
Picture - http://siliconangle.com/blog/2015/08/10/ubiquiti-networks-falls-victim-to-46-7m-email-scam/