Oct 20

Email hacking and invoice fraud

Earlier this month (October 2018), investigators began a full-scale enquiry into a fake invoice scam that led a Merseyside NHS trust to pay out nearly one million pounds against bogus invoices, leaving the trust a victim of invoice fraud.

Invoice fraud is becoming a particularly common category of fraud in which the fraudster impersonates a supplier, thereby deceiving a customer into making payment against phoney invoices. The deceived customer then innocently transfers funds into a fraudulent third-party account. Criminals may hack either party’s email account and intercept correspondence, thereby gaining valuable details concerning the relationship between the supplier and the customer, so both parties need to be critically aware of the risk of invoice fraud. Sadly, even if payment has been made in good faith, this generally does not release the customer from his contractual liability to make payment.

In J Brazil Road Contractors v Belectric Solar Ltd [2018] [case number C1EQ331C2] the contractor’s BT email account had been hacked and payment had been made by the customer into the fraudulent account. The court found that although both the customer and the contractor were innocent victims of the scam, the customer was still liable to pay the contractor.

However, in G Smith (t/a Devine Improvements) v K Lugg [2018] [case number D1QZ136Q], JC Solicitors successfully defended a case involving invoice fraud. Here the contractor issued an invoice to the customer by email, requesting that the customer make contact to ascertain payment methods. The innocent customer made contact by return of email, whereupon the email was intercepted and fraudulent bank details were given for payment.

All correspondence between the parties had been made by email, and the contractor continued to use the same email address even after the fraudulent activity had been unearthed. As a necessary first step, any email account which has been spoofed should cease to be operated. The fraud was not discovered until several days following payment, and recovery of the monies was then thwarted because they had already been removed from the fraudulent recipient account. The court ordered the beneficiary bank to disclose information about the holder of the account to allow an attempt to trace the funds.

Golden rules to protect yourself:

Always check payment details carefully before making any payment. Consider telephoning the supplier/contractor to check payment details. Make a note of the name of the person you have spoken to, together with the time and date of your call.

Scrutinise invoices. Once you have made payment, inform the supplier/contractor that you have done so and ask for confirmation of receipt. If you have been the victim of a scam, immediately contact your bank and the beneficiary bank to attempt to prevent dispersal of the funds.

Contact the police to report the fraud. If the amount of money involved is significant, seek immediate legal advice about whether a freezing injunction could be obtained, which will freeze the account into which the monies have been paid to prevent dissipation of the funds.

Consider whether you have an insurance policy which may cover the situation.

Jacqui de Silva