What is push payment fraud?

Push payment fraud (also known as ‘authorised push payment fraud’) is a fraud whereby fraudsters conduct research (often including email hacking) to seek to identify two companies which have a current trading relationship.

The fraudster then sends one of those companies (A) a fraudulent communication purporting to be from the other (B) requesting that the details of the bank account into which A pays funds to B be changed to an account controlled by the fraudster. These emails are often highly convincing, replicating or closely mirroring the legitimate supplier or other entity’s email address, contact names and signature blocks. What makes the scam even more convincing is that the fraudster will generally masquerade as a senior employee, direct the email to a more junior employee and will not ask the company to change its trading counterparty’s account name.

Once the funds are transferred to the fraudster’s bank account, the funds are immediately dispersed by the fraudster via a series of separate transactions into multiple separate accounts also controlled by them, often located abroad, where the funds are then withdrawn and dissipated. Recovering the funds once they have been paid into the fraudsters account is incredibly challenging.

Rise in push-payment fraud

Our publication “Implications for the future of Dispute Resolution”¹ predicted that push payment fraud would become even more prevalent as a result of COVID-19, and our experiences in the last few weeks have proven that to be the case.

Very recently we acted for a client based outside of the UK that was subjected to a multi-million dollar push payment fraud, perpetrated by an unidentified fraudster masquerading as the client’s trading counter-party. The fraudster created email addresses very similar to the ones of the trading counter-party, set up a bank account with the same name as the trading counter-party, and then directed our client to pay genuine invoices previously received from the genuine trading counter-party into the fraudster’s bank account. The fraudulent email purported to come from a very senior member of the client’s parent company. The fraudster explained the change in bank account details as being a result of fictional restrictions on UK banks as a result of COVID-19, meaning that payments had to be made to a new bank account on an interim basis.

Once instructed, we immediately notified the banks involved in the transaction and applied for urgent injunctive relief in the English courts to freeze the stolen funds and a disclosure order for information to enable our client to establish whether any and, if so how much, of the stolen funds remained in the fraudster’s account, and the location of any accounts into which the stolen funds had been paid.

The entire proceedings took place remotely using online hearings, the first of which took place within hours of the application being made. We believe that, as a result of the hearing taking place online, we were able to obtain the orders our client sought more quickly and cost effectively than would have been the case if an in-person hearing had been required.

We also engaged on behalf of the client with the UK and local criminal authorities and their investigations into this matter. This highlights the importance of needing to consider both civil and criminal law processes in order to secure redress.

As a result of this action, monies in the fraudster’s bank account have successfully been frozen and already recovered by our client.

Most victims of this type of fraud are not so lucky and end up not being able to recover any of the money stolen from them and are left with little recourse against third parties or insurance.

How to spot it and how to stop it

Given the financial predicament that many businesses find themselves in as a result of COVID-19, and as pressure mounts to secure and make payments to suppliers/service providers, all businesses, large and small, should be on the lookout for push payment type frauds and ensure they have robust systems in place to help minimise the risk of falling victim.

In particular, businesses should consider adopting the following recommended practices:

• A check should be made of the email address from which any payment instructions are received. That address should match exactly the email address from which payment instructions have previously been sent.
• Have a personal contact at your regular suppliers. Always verify details of any amended payment instructions verbally with these contacts before making any payment.
• Ensure all staff, particularly those that are responsible for making payments, are familiar with how push payment fraud works, and what signs to look out for.
• Have an approvals process in place which requires the sign-off of payments by more than one member of staff over a certain amount. Ensure that those with the authority to sign-off are in the department responsible for the expenditure.
• Look carefully at each invoice and compare it to previous invoices, particularly the bank account details, wording used and the company logo to check for irregularities.
• When you have paid an invoice, inform the supplier or other trading counter-party of the payment details immediately, including the account to which the payment was made so that any irregularities can be quickly identified.
• Encourage a speak-up culture within the workplace so that, once detected, the fraud can be dealt with expediently.
• Consider removing or limiting certain information, such as testimonials, from company websites and social media channels that could lead fraudsters to knowing who your regular suppliers are and trading counter-parties.

Every member of the finance/account function (regardless of seniority) should be trained on these systems and controls and should understand that they should treat any request to change payment details of suppliers, solicitors or other regular service providers with extreme caution. If you would like us to provide such training please let us know.

As noted above, it is now more important than ever that these systems and controls are implemented and that they remain robust.

What to do if you suspect a fraud?

If you suspect that you or your business has been the victim of push payment fraud, it is crucial to react quickly if you are to have any chance of recovering stolen funds. You should immediately do the following:

• Inform all banks involved that the transaction(s) are fraudulent. This is best done over the phone in case email systems have been compromised by the fraudsters.
• Take active steps to check that no other payments have been compromised.
• Notify the legitimate supplier so that they can inform other customers and check for security breaches.
• Seek legal advice on the next steps and any potential action to trace, preserve and recover the stolen funds.

How we can help

Baker McKenzie has vast experience in assisting clients to combat a variety of different types of fraud, including push payment fraud in a very cost effective manner, including via virtual hearings which allow injunctive relief and disclosure orders to be sought and obtained extremely quickly at a substantially reduced cost. Through our global regulatory, civil and criminal capabilities we are able to lead the legal and investigatory process to give clients the best chance of tracing, preserving and recovering stolen assets wherever in the world they are located. Our expertise includes:

• obtaining court orders and injunctive relief against fraudsters and financial institutions to preserve stolen assets;
• working with investigators and coordinating with national and international fraud and criminal agencies to assist with their investigations and help trace stolen assets; and
• bringing substantive claims and enforcement proceedings against fraudsters in order to recover stolen assets.

1 https://insightplus.bakermckenzie.com/bm/dispute-resolution_1/united-kingdom-covid-19-implications-for-the-future-of-dispute-resolution