Vendor Email Compromise

What You Can Do

Vendor email compromise is a variation of business email compromise where fraudsters hack business email accounts of reputable vendors to place large orders of products with their suppliers or to issue fake invoices.

Where the supplier ships the products ordered prior to receipt of payment, they are left with a financial loss as the payment is then not made by the fraudster.

The fraudsters may issue fake invoices for payments that are actually due – but they have changed the bank account details on the invoice to an account controlled by the fraudsters.

 

  • Requests from vendors for large shipments, particularly for the supply of electronics products
  • Notification of a change in payment details with a request that payments should be directed to a new account, or
  • Invoices that may look legitimate but where the bank account details have been changed.
  • Consider whether requests for large shipments are genuine.
  • If a company requests a change of payment details, always follow simple verification steps before making payments.
    • Fraudsters may change an email address to make it look as though it has come from someone you are used to dealing with, or they may have hacked the sender’s email account to trick you into believing the request is genuine. Always check email addresses carefully, and
    • Verify the change by contacting a known contact in the company directly, using contact details held on record, or by using a phone number displayed on the company’s official website. Links or contact details contained in an email or letter requesting the change could be fraudulent. Don’t use them.
    • Regularly review vendor/supplier records to ensure they are up to date and do not accept changes requested by email without verifying it first directly (see guidance point above)
    • Where six figure payments are requested, it is good anti-fraud practice to hold face-to-face contact between the parties involved prior to making payment.
    • Ensure that your employees are aware of this type of threat and the recommended actions listed here to help prevent it.
  • Contact the Bank immediately if you receive a suspicious email or letter relating to payments and also An Garda Síochána if you think you have been the victim of fraud.

Lost or stolen card?

As soon as you believe your card has been lost or stolen, please get in touch. We’ll cancel your card as soon as you tell us it’s missing and get a new card issued to your address (the one we have on file for you) in 5 to 7 working days.

Fraud, suspicious activity or unauthorised transactions?

To report online fraud, suspicious activity, unauthorised transactions on your account or ATM fraud, please contact us as soon as possible via our Freephone numbers listed below.

Shared your online login details?

If you have shared your banking details in response to a suspicious email, text or call, please notify us as soon as possible via the Freephone numbers listed below.

Report a suspicious email or text

To report suspicious Bank of Ireland related emails or texts (both personal and business customers), send the suspicious email or text to 365security@boi.com

 

Emergency Contact Numbers

Republic of Ireland

Freephone: 1800 946 764 (personal and business)

Great Britain & Northern Ireland

Freephone: 0800 121 7790 (personal and business)

Everywhere outside Republic of Ireland, Great Britain & Northern Ireland

Not Freephone + 353 1 679 8993

Not Freephone + 353 56 775 7007 (Lost/Stolen cards or smart device)