Dealers and auctioneers are being urged to be vigilant after a spate of cyber invoice scams.
Fraudsters appear to have hacked ‘dozens’ of email accounts to intercept invoices and doctor them with new bank details.
The scam means that the invoices appear perfectly genuine and clients have little reason to believe they did not come from the dealer or auctioneer. In one recent case a sum of £55,000 was sent to a fraudster’s bank account.
Sandy Rich, a director at Richard Thompson Insurance Brokers, said: “This has affected dozens of dealers already and I have heard that in one instance a seven-figure sum was taken.”
He pointed out that as the issue involves “wilful payment” it means many insurance products would not cover this type of loss.
“We all rely on email so much but it looks like these emails have been completely compromised,” Rich said.
He gave ATG a series of good practice guidelines – including the need to double-check the sort-code and account number with any new beneficiary by phone before sending money.
Aware of the danger
London’s Mayfair Gallery is among those affected.
Jamie Sinai, gallery manager, said that following an incident with a client, the firm is now taking extra precautions.
He said: “A customer had their email compromised and the fraud wasn’t picked up until after they had made their payment of an invoice where the bank details had been changed. We are very aware of the danger.”
He added: “Even though it’s not nice to have to do when you’re making a sale, we have to highlight the issue to our clients.”
The trade associations, including LAPADA and SLAD, have recently warned members to be extra vigilant and double check details with cl ients before making payments.
Marco Forgione, chief executive of The British Antiques Dealers’ Association (BADA), said: “Cyber fraud is becoming a major threat to any business operating in the 21st century, with criminals investing in cutting edge technology to target small and medium-sized enterprises.”
LAPADA chief executive Rebecca Davies said: “Scams and hackers are becoming ever more sophisticated, which is why we featured a cyber resilience expert to offer information and advice at the most recent edition of the LAPADA Conference.”
Email invoice scam: What to do
■ Double-check a beneficiary’s sort-code and account number with a verified contact directly by phone.
■ Send over a small instalment first, before sending a major payment, to ensure the payee’s details are correct and that the funds have been received.
■ Consider using ‘Paym’, which requires additional verification of a recipient’s name and account name.