Who Pays When a Cyber Scam Leads to a Misguided Payment?
Imagine this: Your business receives an invoice from what appears to be a trusted supplier. You pay the invoice, only to discover later it was sent by a scammer. The payment didn’t go to your supplier—it went to a fraudster’s account. Now the question arises: who is responsible for the financial loss?
What Happened in the Case?
In a recent legal case, a company fell victim to a business email compromise (BEC) scam, where a fraudster impersonated their supplier and sent a fake invoice. The company unknowingly paid the scammer, and when the supplier didn’t receive payment, the supplier demanded to be paid again.
The company argued that they had paid the invoice and should not have to pay twice. The supplier countered that they never received the payment and weren’t at fault for the scam.
Who Was Held Liable?
The court ruled that the company that paid the fraudulent invoice was responsible for the loss. Why? Because:
- The supplier fulfilled their obligations and sent a legitimate invoice.
- The company failed to verify the payment details, even though the email looked suspicious.
The court emphasised the importance of having processes in place to verify payment details, especially if there are any changes or unusual requests.
What Can Your Business Learn?
To avoid falling victim to similar scams:
- Verify payment details: Always double-check payment instructions with the supplier using a trusted contact method, especially if they appear to have changed.
- Train your staff: Educate employees on how to spot phishing emails and suspicious invoices.
- Implement cybersecurity measures: Use tools like email filtering, two-factor authentication, and regular system audits to reduce risks.
- Review contracts: Ensure your agreements clearly outline responsibilities for fraudulent payments or scams.
How 4walls Can Help
4walls specialises in helping businesses reduce the risks of scams like these through:
- Phishing Simulations to train your staff on recognising fraudulent emails.
- Cyber Security Dashboard for monitoring vulnerabilities and reducing risks.
- Cyber Governance Principles Training for leadership to oversee effective risk management practices.
Avoid paying the price of a scam—take action today.