We have seen a number of cases recently, affecting our credit
insurance clients, where there have been fraudulent interceptions
of email communications in trade transactions.
The most common scenario is that emails between the buyer and
seller are intercepted by a third party. The third party informs
the buyer, either through a fraudulent invoice sent by email, or
through the text of an email, that payments should be made to its
bank account, rather than any previous bank account details they
have on record for the seller.
Several buyers have been defrauded by such scams, and have
transferred payment to bank accounts which do not belong to the
seller. The seller has then chased for payment, and the buyer
indicates that payment has already been made. Both parties then
discover that payment was made to the wrong bank account. The
seller will remain unpaid and chase for payment, whilst the buyer
will insist it has paid, and in some cases, accuse the seller of
responsibility for perpetrating the fraud (eg. through a rogue
How are such scams perpetrated?
There are various methods of perpetrating such scams. One method
we have come across is "malware spying" software being
introduced into the computer of one of the seller's employees.
The software can be introduced through a malicious spam email
which, once opened by the employee, results in a "hacker
agent" being installed onto the computer. The "hacker
agent" allows the computer to be remotely controlled by
another user, and also allows the hacker to steal data from the
A common feature of this type of fraud, is that the third party
fraudster makes use of fraudulent email addresses that resemble the
seller's original email addresses. This allows the fraudster to
intercept emails that were intended for the buyer, but also to
masquerade as the seller's employees to correspond with the
buyer, allowing the fraudster to provide false instructions to the
buyer to divert payment from the intended beneficiary.
In a long chain of emails, the fraudulent email addresses can be
very difficult to spot. For example, compare the following
fictitious email addresses:
It would of course also be possible for a fraudster to
perpetrate the fraud through intercepting the computer of one of
the buyer's employees.
How do these scams affect credit insurers?
These scams affect credit insurers because buyers will usually
refuse to pay a seller when this type of fraud has been
perpetrated, arguing that they have paid already and should not
have to pay twice. A seller may then seek to claim on any credit
insurance policy taken by them to recover the sums due to them by
We have acted for parties in cases where legal proceedings have
been pursued by a seller to claim sums owed by the buyer to the
seller in such circumstances. A key issue in the proceedings has
been whether any employees of the buyer or seller were involved in
perpetrating the scam, and evidence from technology experts is
required to assess the likelihood of this being the case. So long
as no involvement of any employees is proved, a tribunal will in
many instances find that the buyer remains liable to pay the
seller, as payment for the underlying transaction has not been
How can credit insurers seek to avoid losses arising from these
Whether or not a claim can be made under the relevant credit
insurance policy when a fraud has been perpetrated (as outlined
above) will depend on the terms of the policy.
Nevertheless, credit insurers can advise their policy-holders to
be alert to the possibility of a fraud being perpetrated:
One strategy which may assist in avoiding such frauds would be
to specify at the beginning of any transaction that any payment
instructions, or any deviation to existing payment instructions,
must be confirmed by a number of modes of
communication (for example, not only by email, but my
telephone and fax as well, with contact details having previously
Another strategy would be for both parties to carefully
check all email addresses from which they receive any
instructions relating to the transaction (particularly any payment
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).