Forged transfer orders: Typologies
- Articles and memoranda
- Posted 23.05.2019
On 24 April 2019, the Financial Intelligence Unit ("FIU") of the Luxembourg Prosecutor’s office published a note on forged transfer orders which particularly addresses their typologies and indicators. The note also advises on what steps should be taken when a forged transfer order has been executed or is about to be.
The typologies described in the note are:
- the CEO fraud;
- the falsified invoices;
- the “man in the middle attack”; and
- the use of hacked emails.
These should however be seen as examples as, in practice, we have seen cases in which other typologies or variations of the typologies described by the FIU were applied.
As regards the indicators that may enable the detection of a fraud, the FIU refers to the list drafted by the Egmont Group1 , while at the same time warning that these indicators should not be analysed separately. The most common indicators of a fraud relate to the account, the victim or the fraudster. For example, fraudsters often use money mules i.e. individuals who allow their bank account(s) to be used for the transfer or withdrawal of the diverted funds. The inflow of large sums of money with the communication “payment of invoice n°xxx” into an account held by an individual who has a modest salary could be an indication that the accountholder is a money mule.
Other indicators include sudden changes to an account (for example, informing the addressee of the invoice that the invoice must be paid into a new account held with a bank located in a jurisdiction in which the beneficiary of the payment does not operate) and unusual or incoherent information given by the alleged client on the process of the payment, transaction or the activity.
Once the fraud has been identified it is essential to act quickly. The FIU considers that the first 24 hours are crucial for recovering the transferred funds. However, even an intervention within 72 hours may sometimes lead to a partial recovery. The persons that the victim should contact immediately are the bank of the beneficiary, the FIU and the Public prosecutor.
In addition, recovery and conservatory measures should be taken in the jurisdiction where the diverted funds were transferred to. Luxembourg banks or professionals of the financial sector drawn into a fraud should also inform the CSSF.
1 | The Egmont Group is a united body of 158 FIUs, which provides a platform for the secure exchange of expertise and financial intelligence to combat money laundering and terrorist financing (ML/TF). | |||