We would like to advise you of a recent criminal case which affected one of our distinguished clients. The financial fraud costed him really lots of money and might also circulate amongst other clients.
How does it work?
A criminal organization is hacking the e-mail account of an EHS client and looks for invoices or other payment invites that have been sent by EHS-staff recently. They take an identity which is very similar to the genuine EHS identities (they even use the same ‘sender’ name). All genuine EHS email addresses are in the format of email@example.com where the ‘xxx’ should be the first name of one of our team members. Those criminals are using email domains with the same sender names, but a slightly different domain name: f.e. firstname.lastname@example.org – making it very difficult for people to notice the minor change. Shortly after receiving an EHS invoice and payment instructions, the same client is receiving an email in which they ask the client to pay to a different bank account.
They claim that there is a technical problem with the bank or that the money should arrive in an EHS’ subsidiary.The new payment instructions look very similar to the original one but are completely fraudulent: EHS letterhead is being used and phone numbers and email addressed are changed into false or non-existing contact details! The client, who is not aware off course that these instructions are false, arranges the payment… and loses the money unfortunately.
These fraudulent practices might not only happen in name of our company and reports have been made of similar fraud affecting people doing business with international firms. So please take utmost care with these malpractices!
What can you do:
- When receiving e-mails with odd bank details, please check carefully the sender’s e-mail address and contact your supplier by phone or text message to verify the authenticity of the payment instructions.
Pay extra attention to following:
- All EHS e-mail addresses are ending on email@example.com (f.e. firstname.lastname@example.org) - there are no other possibilities at all!
- EHS holds bank accounts in Belgium only (BNP Paribas Fortis) and has no other accounts elsewhere in the world.
- EHS has no subsidiaries nor branch offices outside Belgium.
In case of any doubt, please do contact our office by phone (+32 50 626247).