We have seen a number of cases recently, affecting our credit insurance clients, where there have been fraudulent interceptions of email communications in trade transactions.
The most common scenario is that emails between the buyer and seller are intercepted by a third party. The third party informs the buyer, either through a fraudulent invoice sent by email, or through the text of an email, that payments should be made to its bank account, rather than any previous bank account details they have on record for the seller.
Several buyers have been defrauded by such scams, and have transferred payment to bank accounts which do not belong to the seller. The seller has then chased for payment, and the buyer indicates that payment has already been made. Both parties then discover that payment was made to the wrong bank account. The seller will remain unpaid and chase for payment, whilst the buyer will insist it has paid, and in some cases, accuse the seller of responsibility for perpetrating the fraud (e.g. through a rogue employee).
How are such scams perpetrated?
There are various methods of perpetrating such scams. One method we have come across is "malware spying" software being introduced into the computer of one of the seller's employees. The software can be introduced through a malicious spam email which, once opened by the employee, results in a "hacker agent" being installed onto the computer. The "hacker agent" allows the computer to be remotely controlled by another user, and also allows the hacker to steal data from the infected system.
A common feature of this type of fraud is that the third-party fraudster makes use of fraudulent email addresses that resemble the seller's original email addresses. This allows the fraudster to intercept emails that were intended for the buyer, and also to masquerade as the seller's employees when corresponding with the buyer, so that the fraudster can give the buyer false instructions diverting payment from the intended beneficiary.
In a long chain of emails, the fraudulent email addresses can be very difficult to spot. For example, compare the following fictitious email addresses:
It would of course also be possible for a fraudster to perpetrate the fraud by compromising the computer of one of the buyer's employees.
How do these scams affect credit insurers?
These scams affect credit insurers because buyers will usually refuse to pay a seller when this type of fraud has been perpetrated, arguing that they have paid already and should not have to pay twice. A seller may then seek to claim on any credit insurance policy taken by them to recover the sums due to them by the buyer.
We have acted for parties in cases where legal proceedings have been pursued by a seller to claim sums owed by the buyer to the seller in such circumstances. A key issue in the proceedings has been whether any employees of the buyer or seller were involved in perpetrating the scam, and evidence from technology experts is required to assess the likelihood of this being the case. So long as no involvement of any employees is proved, a tribunal will in many instances find that the buyer remains liable to pay the seller, as payment for the underlying transaction has not been settled.
How can credit insurers seek to avoid losses arising from these frauds?
Whether or not a claim can be made under the relevant credit insurance policy when a fraud has been perpetrated (as outlined above) will depend on the terms of the policy.
Nevertheless, credit insurers can advise their policy-holders to be alert to the possibility of a fraud being perpetrated:
- One strategy which may assist in avoiding such frauds would be to specify at the beginning of any transaction that any payment instructions, or any deviation from existing payment instructions, must be confirmed by a number of modes of communication (for example, not only by email, but by telephone and fax as well, with contact details having previously been provided).
- Another strategy would be for both parties to carefully check all email addresses from which they receive any instructions relating to the transaction (particularly any payment instructions).
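The address check in the second strategy can be partly automated. The following is an added example, not part of the original article: it compares a sender address with the addresses recorded at the start of the transaction and flags near matches. The addresses, the confusable-character list and the function names are constructed for illustration.

```python
# Constructed sample data: addresses the seller supplied at the start of the
# transaction (fictitious, using the reserved ".example" domain).
KNOWN_SENDERS = {
    "accounts@hammond-supplies.example",
    "j.smith@hammond-supplies.example",
}

# Character sequences that are easily misread for one another in an address.
# Illustrative list, not exhaustive.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l")]


def skeleton(address):
    """Reduce an address to a form in which visually similar spellings collide."""
    s = address.strip().lower()
    for lookalike, canonical in CONFUSABLES:
        s = s.replace(lookalike, canonical)
    return s


def edit_distance(a, b):
    """Levenshtein distance: inserted, deleted or substituted characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, known=KNOWN_SENDERS, max_distance=2):
    """Return ("known" | "lookalike" | "unknown", matched known address or None)."""
    addr = address.strip().lower()
    if addr in {k.lower() for k in known}:
        return ("known", addr)
    for k in sorted(known):
        same_shape = skeleton(addr) == skeleton(k)
        if same_shape or edit_distance(addr, k.lower()) <= max_distance:
            return ("lookalike", k)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ("accounts@hammond-supplies.example",
                   "accounts@harnrnond-supplies.example",
                   "billing@unrelated-vendor.example"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" or "unknown" result on a message carrying payment instructions is the point at which the telephone or fax confirmation from the first strategy should be used before any payment is made.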