Strive Insurance Services


Cyber Crime: Invoice Redirection

Does your business send or receive invoices by email?

Most businesses these days will answer yes. Unfortunately, this means you’re at risk of Email Compromise and Invoice Redirection Fraud, which are rapidly increasing as a cause of insurance claims for businesses. Luckily, there are ways to reduce your risk, and to protect your business if you are a victim of a cyber attack.

Email Compromise is when someone either gains access (usually remotely) to an email account or uses an alternative email that looks very similar to a trusted business address. They can then send what looks like legitimate emails requesting money or sensitive information.

Invoice Redirection Fraud is when cybercriminals send an invoice with modified bank details so payments are redirected to them. This can occur through email compromise or hacking of accounting systems.

This means that it doesn’t matter whether you’re requesting payment from someone or making payment, you can be targeted by this crime and lose your money. To make matters worse, often these crimes go unnoticed for periods of time until ‘unpaid’ invoices are chased up and people realise that either they have paid or their customer has paid unknowingly into a criminal’s account.  


The hackers then modified multiple invoices, changing bank account details and re-sending the emails to the original recipients, whose details they were able to see from the intercepted emails.

The following month, a finance officer contacted the clients to follow up on unpaid invoices totaling over $30,000. The clients all informed the business that they had paid the invoices; however, following further correspondence it became clear that the invoices had been paid into the hacker’s bank account. Whilst a police report was made, it was highly unlikely – especially given the delay in becoming aware of the breach – that any monies would be recovered. Understandably, the clients did not feel as though they were at fault as the breach occurred at the business’ end, but the loss of these funds would put the business in serious financial difficulty.

Luckily, this business had taken out a Cyber Insurance policy. The amount of the funds paid into the hacker’s account (minus the insurance excess) was covered, so they didn’t have to worry about the breach’s impact on their cash flow. In addition, they had access to a wide range of support including legal advice and forensic consultants to identify the extent of the breach and limit further damage and liability – all of which would have possibly cost them tens of thousands of dollars if they had to engage them separately, but the cost of this support was covered under the policy.


 Tips to reduce your risk:

  • Be alert and carefully review emails and invoices that you receive for:

      • slightly altered email addresses, low-quality graphics, mismatched fonts and spelling and grammatical errors

      • unusual amounts or descriptions of products or services

      • different payment details from previous invoices

  • Store bank details in your Internet banking payee list or accounting software rather than entering them each time

  • Request, provide and/or verify bank details by phone using a pre-existing or known number rather than one on the invoice or email (which may be altered)

  • Where possible use the business’ PayID and check it’s linked to the correct business

  • Whenever possible use two-factor authentication including for emails, internet banking and accounting software

  • If you have multiple people processing accounts receivables and payables, ensure you have processes to limit and authorise payment detail changes

  • Monitor your network and emails for suspicious activity

  • Use strong password policies, anti-virus software etc.

  • Educate staff and customers on the risks and what to look for regarding cybercrime

  • Ensure you have a comprehensive communication process to notify customers/clients if your bank details do legitimately change

  • If possible, set up PayID linked to your business email address

  • Hold a Cyber Insurance policy that will, among other protections, provide you with cover in case payments you are due or due to pay are impacted by cybercrime. Cyber Insurance costs will vary depending on the level of cover and your type of business/level of risk; we have access to very competitive prices with great cover through our network.
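
As an added illustration (not part of the original post), the Python below automates three of the tips above: spotting a slightly altered sender address, comparing an invoice's payment details with the stored payee record, and holding anything that fails for phone verification. The payee record, domains, bank details and function names are constructed for the example.

```python
# Added example: constructed supplier records and invoices, not real data.
from dataclasses import dataclass

# Trusted payee list (constructed): sender domain -> bank details on file.
PAYEES = {
    "acme-supplies.example": {"bsb": "062-000", "account": "12345678"},
}

@dataclass
class Invoice:
    sender: str   # From address of the email that carried the invoice
    bsb: str      # bank details printed on the invoice
    account: str

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def review(inv: Invoice, payees=PAYEES, max_dist: int = 2) -> list[str]:
    """Return reasons to hold the invoice for verification by phone."""
    domain = inv.sender.rsplit("@", 1)[-1].lower()
    record = payees.get(domain)
    if record is None:
        # Not a known supplier: is it a near-copy of one that is?
        near = [d for d in payees if edit_distance(domain, d) <= max_dist]
        if near:
            return [f"lookalike sender domain: {domain} resembles {near[0]}"]
        return [f"unknown sender domain: {domain}"]
    # Known domain: a compromised mailbox still sends from the real address,
    # so the bank details are compared with the record on file as well.
    if (inv.bsb, inv.account) != (record["bsb"], record["account"]):
        return ["bank details differ from payee record"]
    return []
```

An empty result only means the invoice matches what is on file; any flag is a prompt to call the supplier on a known number before paying.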

 

Here at Strive Insurance, we have implemented a new policy for obtaining bank details:

  • We will no longer request you provide new bank details to us by email

  • We will call you or ask you to call us to provide us with new bank details

  • We may contact you via phone/text to confirm bank details provided to us by email

  • The payment details on invoices we send you belong to Oracle Group Australia (our Broking group). If they change bank accounts we will notify you by either phone (preferable) or both email and text where possible/necessary. You can call us on 6193 9879 to confirm the change

  • We will also post any important updates on our social media: Facebook, Instagram and LinkedIn

  • We have also always held a Cyber Insurance policy for our own business

 

If you are worried that your emails or invoices may have been intercepted:

  • Contact everyone necessary by phone so you can verify the correct details

  • Contact your bank ASAP to see if you can reverse/halt payments. If you think a client’s payment to you has been impacted, ask them to do this

  • Change passwords immediately, not only for the system you think has been impacted but also for any other systems that have the same password (ideally don’t use the same password for different accounts)

  • Contact your Broker/Insurance provider immediately. If you have Cyber Insurance, you will be able to engage appropriate support to minimise the impact of the breach on your business

  • If you don’t have Cyber Insurance, consider getting cover. Just because you’ve been impacted by a cyber attack once, doesn’t mean you won’t be hit again in the future. Cyber Insurance also covers you for many other cyber security issues that we’ll cover in other posts.

If you would like to chat about your Cyber Insurance needs, you can get in touch using the form below or visit our contact page for other ways to get in touch!