INVOICE AND CEO FRAUD
Invoice fraud and the variant CEO fraud are criminal scams. The paid amounts end up in bank accounts of scammers or their helpers and are funneled away. Our office specializes in legal aid to victims of this type of fraud.
Variants invoice fraud
There are many forms of invoice fraud. A common form is that fake companies send invoices for services that have not been provided or for services that are provided but which are not worth anything, such as the unsolicited entry in an address file. The perpetrators of this type of fraud are betting that some inattentive administrators will pay the bills.
Invoice fraud and email hacking
A common variant of invoice fraud is that an invoice from a supplier is intercepted by hacking emails (or guessing a password), after which an invoice is forged, with the only difference being the bank account number. This occurs in particular in international trade, because there is no name/number verification in international payment transactions. The invoice is sent to the correct email address by the criminal organization, paid to an incorrect number, and then diverted.
CEO fraud
CEO fraud is a variant without a forged invoice, where a criminal impersonating the CEO gives a credible payment order. If the CEO’s email account is hacked or if his password is guessed, the recipient of the email who makes the fraudulent payment on behalf of the CEO will not be able to see that the payment order is not from the CEO. There are also variations on this. For example, it is possible that the email of the CEO has not been hacked, but that of the person who can issue a payment order is. The criminal organization can then read along and give a credible payment order at a tactical moment via an email address that closely resembles the real address.
Payment system
Invoice and CEO fraud by definition makes use of the infrastructure of the banking system. After all, it concerns amounts to be paid by bank, which eventually end up in a criminal’s account. Money mules are often used as intermediaries. These tracks are for the police to follow, so most criminals use tricks to stay out of sight. For example, they buy legal unregistered goods that they pay by bank and have them delivered and collected somewhere, after which they resell these goods. If the seller from whom these goods are ordered is in good faith, it becomes difficult for the police to find the criminal revenue. The trail ends in nothing.
Claiming damage to the perpetrator
In the event of major damage, we recommend that you always report it to the police. In addition, engaging a lawyer can help to recover the damage. Those who act quickly can freeze the perpetrator’s bank account via pre-trial attachment. The debtor owes nothing to the scammer, so the judge can grant a claim based on undue payment.
Bank fraud detection
In recent years, the fraud detection systems (the “transaction monitoring”) at banks have improved. The departments at banks that have to assess suspicious transactions have also been considerably expanded. However, the systems are not perfect. Incoming international amounts, even if they are remarkably high amounts, are rarely classified as suspicious; the alarm bells at banks usually only go off if the follow-up bookings deviate from the normal pattern. However, it is becoming increasingly common that part of the damage is limited through intervention by the bank. Criminals naturally do their best to find and exploit the weaknesses of the fraud detection. For example, they can try to use a BV that regularly makes large international payments. The filter will then not quickly detect an abnormal transaction.
Liability of banks in invoice fraud
If the bank does not respond adequately to detected fraud, it is possible that the bank is liable for the damage on the basis of a breach of the duty of care. An important turning point in the case law was the case of Foot Locker against ING in 2017. Foot Locker had to deal with a large and sophisticated invoice fraud. According to the court, ING should have intervened. The bank had marked the transactions as “unusual” but then stopped. The court found this negligence to be unlawful against Foot Locker. For that reason, the bank had to pay part of Foot Locker’s damage. Since the Foot Locker / ING case, the victims have more often and successfully addressed their own bank or the bank of the scammer.
Practical example
An example of CEO fraud for an amount of € 800,000 successfully handled by our office is the summary judgment of the District Court of Rotterdam of 8 July 2021. Read more here .
Marius Hupkes