We write about this particular China bank scam every six months or so because it just keeps happening, and in ever greater numbers. The Wall Street Journal did a story on it today, entitled, New Techniques Used to Target Business Email and in the last month alone, our China lawyers have received emails from at least three companies (Two U.S. and one from Spain) that were bilked out of between $46,000 and $270,000.
According to the Wall Street Journal (and this jibes with most of what our China attorneys have seen as well), criminals breaking into email accounts and changing bank-account information to capture payments intended for suppliers:
The increasing prevalence of the schemes has drawn the attention of law enforcement. Attackers who once pretended to be executives directing subordinates to transfer money are using new techniques, including malicious software to break into email systems and redirect the payments, said Rick Alwine, a supervisory special agent with the Federal Bureau of Investigation’s Cyber Division.
“We’re seeing an evolution of business email compromises that started around 2013,” he said.
The number of these bank account email scams is increasing, but what remains the same is that most of these wire-transfer requests are for China and Hong Kong:
In an analysis of 44 recent fraudulent transfers, 84% of the transfers went to accounts in China and Hong Kong where it is more difficult for victims to recover their money, the FBI alert said. The FBI says it has logged nearly 18,000 reports of business email scams since 2013 accounting for $2.3 billion in losses, and complaints about these scams more than tripled last year, compared with 2014.
The Wall Street Journal article does a good job explaining the nature of these scams, but it mostly throws up its hands on how to prevent them and does not discuss at all what its victims can do to try to secure at least some recovery:
SecureWorks says such scams are known in Nigeria as “wire-wire” and are openly discussed in songs and online discussions. A Facebook group calling itself “Wire wire zone” offers to connect scammers with money mules who will transfer funds. “It’s an open bazaar for money laundering,” said Joe Stewart, a director of malware research with SecureWorks.
* * * *
When the buyer sends an order, the scammers step in, ultimately intercepting the seller’s invoice and changing payment instructions before sending it back to the buyer. With the modified invoice, funds are sent to the criminals instead of the seller.
In the U.S., companies are becoming more aware of the risks of email fraud, but Mr. Stewart worries that most businesses aren’t protecting themselves against this newer variation. “True business email compromise is almost invisible to both victim companies involved in the transaction,” he said. “It’s going to take a lot more effort to stop it than a simple reminder to phone the CEO before wiring money on his behalf.
What can you do to prevent it from this scam happening to you? We recommend you do the following:
- Get to know your suppliers who speak English (if you don’t speak Chinese) and get your supplier’s landline phone numbers as that cannot be hacked. Call if you have any concerns.
- Get your supplier’s bank account information in advance and ask them to refer to “bank account information document” on their invoices, rather than listing out full bank details every time.
- Check your bank account every day, maybe even twice a day. If you catch a wire early enough you can sometimes stop it.
- Do a first small wire to confirm the account.
- Note that paying a Chinese company in mainland China is generally safer for you than paying them overseas, be it Hong Kong, Taiwan or anywhere else.
- Have a special procedure for confirming bank account changes with your suppliers.
- Have an internal procedure for confirming all payments over a certain amount.
- Get an insurance policy that covers computer hacking or fraud.
I have said it before and I will say it again, but this time with the Wall Street Journal to back me up: the bank switch scam is the most common, most pernicious and most difficult to detect international scam of which I am aware, and it just unrelentingly keeps happening. And even though the business relationship is often between a Chinese company and a Western company (though we have dealt with this issue on multiple occasions where there was never a Chinese company involved), the perpetrator of the scam oftentimes is in Nigeria or in some country other than China.
This scam usually involves your regular Chinese supplier asking you to make a payment or payments to a new bank account, though it sometimes can involve your very first payment to a new Chinese supplier. Then even after you make the payment or payments, your China supplier insists you still owe it the full amount (oftentimes with added fees) because it never received your payment. When you explain to your China supplier that you in fact did pay it, your supplier points out that the bank account to which you sent the funds is not theirs and that you still owe the money.
This all happened because your Chinese supplier got hacked, either by someone outside or within the company and you indeed have yet to pay it. Or maybe it was you who got hacked.
What can you do if you have already been victimized? We do the following when retained by a company that has been victimized by this fraud:
1. We determine whether there are any insurance claims to be made. This is usually your best chance of recovering all that you have lost, but do not expect your insurance company (as is often true) to pay without a fight. We help by explaining to the insurance company how these scams happen and why you are entitled to coverage under your policy and we get the Chinese supplier to help as well.
2. We try to get some monetary contribution from your Chinese supplier by letting it know that it was (or might have been) their computer system that the scammer hacked and therefore it should pay at least some of our client’s loss. Much depends on our client’s relationship with its Chinese supplier and on what the Chinese supplier perceives its future relationship with our client will be.
3. We try to determine if there is any chance in recovering anything from the perpetrator. This is a very expensive and time-consuming process and there usually has to be a lot of money involved for it to make much sense. Nonetheless, we find that our at least having run this option to ground helps immensely in dealing with both the Chinese supplier and with our client’s insurance company, neither of whom want to pay anything until they are convinced that we have done all that we can to try to recover from the crooks themselves.
Please, please, please, be careful out there.