Orderer and payment fraud on the rise
A new study shows that losses from fraud in the DACH region total more than EUR 190 million. Cases of orderer fraud in particular increased by 35% in 2018, and cases of payment fraud by 24%.
The fake boss is getting competition. In addition to the "fake president" scam, orderer fraud ("fake identity") and payment fraud ("payment diversion") have also been on the rise in recent years. According to analyses by credit insurer Euler Hermes, these three types of deception have caused losses totaling more than EUR 190 million since 2014, mainly at companies in Germany, Switzerland and Austria. The number of cases rose sharply in 2018: orderer fraud by 35% and payment fraud by 24% compared with the previous year.
Smaller amounts, but easier...
"For fraudsters, both orderer fraud and payment fraud definitely have their appeal," says Stefan Ruf, CEO of Euler Hermes Switzerland. "Both are much easier to execute than Fake President." A fake president scam requires a good deal of strategic planning and time-consuming preparation, such as studying the target company's habits and procedures in advance. The perpetrators must also be skilled at social engineering to get employees to make the requested payments while keeping the matter secret. "However, to redirect payment flows or provide a different shipping address, a short email is usually enough," Ruf says. "The amounts are usually smaller, but it's quick as a flash - even for several companies at the same time. The numbers speak volumes here."
Fraud is usually only discovered during the reminder run: perpetrators and loot long gone
In orderer fraud, the fraudsters impersonate customers: they place an order and then, by e-mail, specify a different delivery address for it. For example, shoes are ordered and delivered to a vacant building, while the invoice goes to the real, existing customer. Since that customer never ordered the goods and, more importantly, never received them, he does not pay the invoice.
"The fraud usually only comes to light with the reminder run - several weeks later, depending on the payment deadline. By then, however, the fraudsters are long gone with the loot," says Rüdiger Kirsch, fraud expert at Euler Hermes. "The number of cases has risen sharply recently for both deception crimes. This means they are slowly but surely competing with 'big brother' Fake President."
Hacker fraud: a case for fidelity insurance
The goods or money are gone and, in the worst case, the balance sheet is ruined - usually even if the company has cyber or trade credit insurance. "Trade credit insurance protects against defaults by buyers - but only for real companies, for example, if they are insolvent. However, I can't have a limit of insurance on a fraudster," says Kirsch. "So if there is an underlying fraud and a hacker impersonates a company, has the goods delivered to a different address and this results in a financial loss, this is not a case for regular trade credit insurance, but for fidelity insurance (VSV). Incidentally, cyber insurance usually doesn't pay out for such cases of fraud by hackers either."
Cyber insurance falls short
Cyber insurance policies usually focus on modules covering liability risks and losses from a business interruption caused by a cyber attack, or losses due to negligent misuse. Comprehensive assistance services, for example in the event of reputational damage or for the rapid restoration of the IT infrastructure or web store after a cyber attack, are further important elements, together with legal protection and D&O modules. Criminal acts are covered, if at all, only to a very small extent.
Fidelity insurance, on the other hand, primarily covers targeted criminal acts against a company. Unauthorized acts such as fraud or embezzlement, whether by a company's own employees or by external third parties, especially hackers, are its main focus. Accordingly, financial losses caused by fake president, orderer or payment fraud are insured, as are those caused by phishing, keylogging, "man in the middle" or "man in the cloud" attacks.
Overview of fraud schemes and their respective methods
- Fake President / CEO Fraud: pretending a false identity: the fraudster poses as the CEO of a company and uses social engineering (e.g. conveying special appreciation, demanding strict secrecy and applying pressure) to induce employees, mostly by e-mail and sometimes also by telephone, to make payments, typically for supposedly highly confidential and very urgent company acquisitions abroad.
- Fake Identity / Orderer Fraud: pretending a false identity: the fraudster poses as a customer (often an existing one), orders goods and has them delivered to a different delivery address.
- Payment Diversion / Payment Fraud: pretending a false identity: the fraudster poses as a supplier and provides a different account number for payment of a delivery that has already been made.
- Phishing: the fraudster sends employees of a company fake e-mails on genuine business topics. The goal is to plant Trojans or keyloggers via the link in the e-mail in order to obtain sensitive company data.
- Keylogging: the fraudster infiltrates the system with software that records and stores credentials and passwords, e.g. for bank accounts, cloud services or server access.
- Man in the middle: the fraudster inserts himself into the communication between two parties and thereby gains access to the data traffic. He can read this data and manipulate it at will for his own purposes.
- Man in the cloud: the fraudster breaks into a cloud service where company data is stored (e.g. using credentials captured by keylogging) and can read, manipulate or delete this data at will or introduce malware.
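Both orderer fraud and payment diversion, as described above, hinge on a single e-mail that changes a delivery address or a bank account. The screening routine below is an added example of the kind of control a company can put in front of such changes; it is not Euler Hermes code, and every partner record, e-mail address, domain and IBAN in it is constructed sample data. It compares the sender domain and Reply-To against master data, flags look-alike domains, and routes any genuine address or account change to an out-of-band callback using the telephone number on file rather than any number given in the e-mail.

```python
# Added example (not from the original article): screening e-mailed
# "please change our delivery address / bank account" requests against
# master data.  All partners, addresses, e-mails and IBANs are constructed.
from dataclasses import dataclass


@dataclass
class Partner:
    domain: str    # e-mail domain recorded in master data
    address: str   # delivery address on file (empty for suppliers)
    iban: str      # payment account on file (empty for customers)
    phone: str     # callback number on file; never taken from the e-mail


@dataclass
class ChangeRequest:
    partner: str          # partner the e-mail claims to come from
    from_addr: str
    reply_to: str = ""
    new_address: str = ""
    new_iban: str = ""


# Constructed master data for two hypothetical business partners.
MASTER = {
    "Schuhhaus Meier": Partner("meier-schuhe.de",
                               "Industriestrasse 12, 8005 Zuerich",
                               "", "+41 44 000 00 01"),
    "Leder AG": Partner("leder-ag.ch", "",
                        "CH93 0076 2011 6238 5295 7", "+41 44 000 00 02"),
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike domains (rn vs m, .co vs .com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].strip().lower()


def screen(req: ChangeRequest, master=MASTER):
    """Return (action, findings, callback_number) for one change request."""
    p = master[req.partner]
    findings = []
    sender = domain_of(req.from_addr)
    if sender != p.domain:
        # Same registrable label with another TLD, or a few edits away: look-alike.
        same_label = sender.split(".")[0] == p.domain.split(".")[0]
        if same_label or edit_distance(sender, p.domain) <= 2:
            findings.append(f"LOOKALIKE_DOMAIN:{sender}")
        else:
            findings.append(f"UNKNOWN_DOMAIN:{sender}")
    if req.reply_to and domain_of(req.reply_to) != sender:
        findings.append(f"REPLY_TO_MISMATCH:{domain_of(req.reply_to)}")
    if req.new_address and req.new_address != p.address:
        findings.append("ADDRESS_CHANGE")
    if req.new_iban and req.new_iban.replace(" ", "") != p.iban.replace(" ", ""):
        findings.append("IBAN_CHANGE")
    # Any sender anomaly is rejected outright; a plain change from the right
    # domain is still held, because the real mailbox may be compromised.
    suspicious = [f for f in findings if not f.endswith("_CHANGE")]
    if suspicious:
        action = "REJECT_AND_REPORT"
    elif findings:
        action = "HOLD_AND_CALL_BACK"
    else:
        action = "NO_CHANGE"
    return action, findings, p.phone


if __name__ == "__main__":
    # Constructed sample requests: one genuine-looking address change, one
    # payment diversion with a forged Reply-To, one from a look-alike domain.
    samples = [
        ChangeRequest("Schuhhaus Meier", "bestellung@meier-schuhe.de",
                      new_address="Lagerhalle 7, 1234 Irgendwo"),
        ChangeRequest("Leder AG", "buchhaltung@leder-ag.ch",
                      reply_to="buchhaltung@leder-ag.com",
                      new_iban="DE89 3704 0044 0532 0130 00"),
        ChangeRequest("Leder AG", "info@leder-ag.com",
                      new_iban="DE89 3704 0044 0532 0130 00"),
    ]
    for s in samples:
        action, findings, phone = screen(s)
        print(f"{s.partner:16} {action:18} {findings}  call back: {phone}")
```

The important design choice is that a change is never accepted on the strength of the e-mail alone: even a request from the correct domain with no other anomaly is held until someone has confirmed it by telephone on the number already in the master data, because a compromised supplier mailbox looks exactly like a legitimate one. The look-alike thresholds (same first label or an edit distance of at most 2) are assumptions for this example and should be tuned to the organization's partner list.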
Source and further information: Euler Hermes