A Dutch company in the Randstad region has lost more than 220,000 euros after transferring the amount to a scammer’s bank account. The scammer had intercepted the email correspondence between the company and a supplier in Italy. And so, the money didn’t go to an Italian bank, but to a bank in Scotland.
The Dutch company had ordered tailor-made steel constructions from a manufacturer in the southern European country. The Italian manufacturer sent an invoice by email. The message was followed up by another email giving a new bank account number.
The Dutch company’s admin staff asked for a return email to be sent for verification purposes, but this email ended up with the hacker. The question was whether the new bank number was correct. Of course the answer was ‘yes’.
The duped company went to the police to file a report, but the police referred to Fraud Help Desk. Of course, the company’s management is liable for the damage incurred. According to Dutch case law, the party that pays needs to check whether the recipient’s bank account is correct.
The interception of email traffic between companies is fairly common, particularly when it involves businesses in different countries. The fraudsters are keenly aware that people are hesitant to make international calls to verify matters.