Fraud Alert: IOFM Member Identifies Currency Conversion Scam

January 17, 2025


Converting foreign funds into U.S. dollars is a costly and time-consuming effort. So, if your AR contact says you can just pay in local currency, you might be tempted to jump at the offer. 

But beware, the proposal may be too good to be true. At least that’s what one IOFM member recently discovered when a fraudster intercepted an email exchange between AP and AR practitioners, inserting this note:

“…Sorry to hear about the Post office strike, if it makes things easier, please be informed that we can also accept payment in Canadian $ via EFT. 

We have Canadian bank account for EFT. Please details of TD Canada bank account below,

Please use the best available conversation rate and send me confirmation when EFT is complete. On my end, we see the rate is around 1.35 and this is okay with us if this your rate is not lesser than this…”

The fraudulent communication then offered a new account number to transfer the funds.

The email address of the fake AR specialist was one letter off from the real email, enabling communication between the fraudster and the AP clerk to continue unabated. It was only discovered when the AR clerk followed up with the customer to find out why payment hadn’t been made.

This specific fraud appears to be all too prevalent. After customers were warned about this scam, two other customers reported this same email within a week.

To prevent falling prey to this fraud:

First, pay close attention to the language. Red flags should have been raised by grammatical mistakes.

Second, anytime anyone (for any reason) asks you to change your payment method, call a known contact – don’t rely on the contact information in the email.

Click here for the full email exchange (minus redacted personal information).

What If You’ve Already Been Scammed?

Notify Your Bank

  • Contact your bank immediately and inform them of the fraudulent transaction.
  • Request their assistance in initiating a recall of the funds and any relevant fraud investigation procedures.
  • Provide the bank with all details regarding the transaction, including the account information where the payment was sent.

Contact Local Authorities

  • Report the fraudulent payment to your local law enforcement agency.
  • Include any documentation or evidence that could support their investigation.

Engage Your Insurance Provider

  • If you hold cyber liability insurance or any other relevant coverage, notify your insurance carrier promptly.
  • Share details of the fraudulent activity and inquire about possible coverage for such losses.

Secure Your Systems

  • Work with your IT team to review your internal systems for any vulnerabilities that may have contributed to the fraud.
  • Implement enhanced security measures, such as email verification protocols, to mitigate the risk of future incidents.
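The fraudulent address in this case was one letter off from the real one, which is a pattern a mail filter or AP workflow can check for automatically. The sketch below is an added example, not part of the IOFM alert or the member's systems; the addresses, the contact list and the function names are constructed for illustration.

```python
from __future__ import annotations

# Constructed sample data: a vendor master list of verified AR contacts.
KNOWN_CONTACTS = {
    "ar.specialist@vendor-example.com",
    "billing@supplier-example.com",
}

def edit_distance(a: str, b: str) -> int:
    """Count single-character inserts, deletes, substitutions and adjacent swaps."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent letters swapped
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(sender: str, known: set[str], max_distance: int = 2):
    """Return ('known'|'lookalike'|'unknown', closest verified contact or None)."""
    sender = sender.strip().lower()
    contacts = sorted(k.strip().lower() for k in known)
    if sender in contacts:
        return "known", sender
    scored = [(edit_distance(sender, k), k) for k in contacts]
    distance, closest = min(scored, default=(None, None))
    if distance is not None and distance <= max_distance:
        return "lookalike", closest  # near miss of a real contact: hold and call
    return "unknown", None

if __name__ == "__main__":
    # Constructed senders: exact match, one letter substituted, one dropped, unrelated.
    for addr in ("ar.specialist@vendor-example.com",
                 "ar.specialist@vender-example.com",
                 "ar.specalist@vendor-example.com",
                 "sales@other-example.org"):
        print(addr, classify_sender(addr, KNOWN_CONTACTS))
```

A "lookalike" result is a reason to hold any payment-change request and call the known contact; a "known" result is not proof the message is genuine, since a real mailbox can also be compromised.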

Monitor Your Accounts

  • Keep a close watch on your bank accounts and other financial systems for any additional unusual activity.
  • Report any unauthorized transactions immediately.

Review Internal Processes

  • Ensure that payment approval processes include independent verification of account details with vendors, especially when receiving requests for account changes.
  • Use direct contact methods to confirm details, avoiding email or other unsecured communications.
