The first time I heard about this type of scam was about 2 years ago. An importer noticed that he received emails from “marc0@…” (with a zero at the end) instead of the usual “marco@…”.
A hacker has penetrated the supplier’s email account, created a new email address, and was asking for a deposit higher than previously agreed to. They also sent an invoice that called for payment on a different bank account.
And it seems like this type of scam is on the rise. I heard many similar cases recently, including one instance where over half a million USD was stolen! The bank could trace the origin to one country, then another, then another… and then it was impossible to trace back to the source.
Obviously, many Chinese suppliers have heard of this, too. No later than this morning, I saw this message in a supplier’s signature (in big bold red letters):
(Any E-mail about Change of [their company] company name and bank accounting no.,please confirm with us by phone )
What is the supplier’s responsibility in this case?
I am not a lawyer so I won’t mention legal liability issues. But two things are clear to me:
- The supplier is, arguably, more at fault than the buyer. After all, they didn’t ensure their email system was secure… Or, worse, maybe one of their employees got paid to facilitate that scam… Or maybe they didn’t get hacked and they are pulling this off by themselves after all!
- Chinese suppliers’ lack of professionalism is making this type of scam MUCH easier than it should be. Buyers have gotten used to working with suppliers that issue invoices in the name of another company, that send emails through @163.com or @yahoo.com addresses, and so on. It is so common, few buyers question it. (I wrote about this here).
And, the most important question is…
How to avoid falling victim to this scam?
Dan Harris, over at the China Law Blog, wrote this advice in China Fraud Season Starts Early This Year:
The computer networks of many Chinese companies are not secure. The networks are subject to abuse by employees of the Chinese company and by outsiders. This means that you can NEVER trust an email communication from a Chinese company. Email is inherently insecure in China and you never know with whom you are really dealing when engaging in electronic communication with Chinese companies.
Chinese companies tend to be very loyal to their banks and so you should view with extreme suspicion any request to make a change in the payment bank. You should not even consider following such a request unless the request is made in writing on a revised purchase order stamped with the company seal. Even in that case, it is important to contact someone you know in the company with supervisory authority to ensure that the request is valid. Email requests to make a change should be ignored, but the request should be forwarded to your trusted Chinese company contact for an explanation.
Carefully review all bank account information. Monitor both the name of the payee and the location of the bank. Where the payee is even slightly incorrect, do not pay. Where the location of the bank is in the wrong city or country, do not pay. I have seen cases where foreign buyers paid to bank accounts outside of China to payees with no connection to the seller. These cases were all obvious frauds and the buyers lost their entire payment. I have seen millions of dollars vanish into thin air with this sort of scam. The Chinese parties committing the fraud will explain the need for this irregular payment as part of a plan to hold foreign currency outside of China. This kind of arrangement is no longer required in China. Explanations of this kind are indicia of fraud and should be ignored.
All excellent advice. I would add this: make sure you know several people who work with each of your suppliers. When a weird invoice comes up, or when your contact says “the factory is bankrupt“, you’ll have someone else to call and ask questions to.
Any other tips to avoid this scam?