On 13 November 2020, the food company’s AP team received an email from a known contact at one of their suppliers asking to update the supplier’s banking details.
This known contact was a senior executive with the supplier. The AP team had been in contact with him many times in the past about various matters. The email was sent from his legitimate email address.
Nothing seemed unusual.
At this point, the food company had two methods it could use to action the change request:
- It could use the eftsure portal to send a secure change request form to the supplier. The supplier would then need to update their banking details in the form.
- It could update the bank details in the portal and then go through the verification process, potentially including email and call-backs, to independently verify the accuracy of the new details.
In this case, the food company opted for the latter option.
After three days, the supplier had not responded to any verification attempts, raising suspicions that something untoward was occurring. Verification attempts were complicated by the fact that all the supplier’s staff were working remotely due to the pandemic. This made it challenging to contact the relevant people.
Eventually, someone purporting to be from the supplier did respond to verification attempts but was evasive and provided inconsistent details.
Finally, after repeated attempts, eftsure’s team of verification experts were able to reach the original senior executive. He advised that he had not made any request to update any banking details.
This was clearly a case of attempted fraud in which the senior executive’s email account had been compromised.
Thanks to eftsure’s tenacious and robust verification methods, it became clear that something wasn’t quite right. With additional investigations, an attempted fraud was uncovered.
It is thought the scammers deliberately attempted to defraud the food company during the pandemic, knowing it would be hard for the company to verify its supplier’s bank details, given that all the supplier’s staff were working remotely.
The food company, which had been due to pay the supplier a sum of $200,000, avoided being defrauded.
Eftsure blacklisted the scammer’s bank account details, so other organisations in the eftsure system could also avoid being defrauded.