Cybercrime

We present information below about threats connected with new types of criminal offences which businesses have been particularly exposed to recently and which involve Poland.

In our law practice we have observed significant growth in the number of attacks by international criminal groups defrauding businesses out of large sums of money. Attacks based on manipulation of data transmitted by email threaten firms of all sizes and across all industries with huge losses. The criminals prepare their operations with extreme care. In the attacked firm, a person is targeted who has authorization to make transfers (managing directors, finance directors, accountants or staff of finance departments may be chosen), who is then induced through a lack of awareness to transfer hundreds of thousands or even millions of Euro to fake entities. Defrauded sums are often transferred to the bank accounts in Poland, to be immediately transferred further to China, Cyprus or other destinations.

In the case of international corporations, a scheme that is often repeated goes as follows: The fraudster, pretending to be a foreign superior (a typical trick is pretending to be the CEO or other highly placed official of the holding company), contacts the selected person at the target firm. This person receives a meticulously prepared email that looks like it has really been sent by the given person at the holding company. The email contains instructions to make a transfer of a large amount to the bank account indicated in the email (or a series of transfers to several accounts). The email may also contain more specific information lending credence to the purpose of the transfer, as well as a request to act quickly and maintain the greatest discretion. The email looks authentic, and has all the identifying features: the sender’s address that is visible to the recipient corresponds to the true email address of the “CEO,” and the graphics are strikingly similar to the original appearance of emails from the given organization. Sometimes the fraudster calls the representative of the target firm on the telephone, because this additional contact helps reinforce the person’s credibility. The essence of the mechanism is the high credibility of the instructions from the fraudster and the precision with which the false emails are prepared, so that the instructions are not questioned.

Another common method is for the criminals to pretend to be actual suppliers of the company, diverting payment of amounts due under actually existing contracts, such as leases or service agreements. The scheme in such cases is similar to that described above. Persons responsible for making transfers receive emails prepared to look identical to real emails from suppliers, such as the landlord of the office building or the service provider. The emails contain a notice for example of a change in the bank account number or the details of the recipient of the transfer for service fees. The information from the email is often repeated in telephone conversations as well. As a consequence, firms lose significant amounts in the belief that they are simply performing their obligations under contracts they have concluded. This means it is necessary to be careful even in contacts with regular suppliers.

Unfortunately, often a long time passes before the deception comes to light. This makes it difficult or sometimes impossible to regain the lost funds. If the circumstances suggest a possible fraud, it is crucial to take immediate action, particularly by contacting the bank and the prosecutor’s office in order to block the diverted funds.

Appropriate security measures can help avoid the consequences of such attacks, for example by requiring verification of the identity of persons contacting the firm and authorization of bank transfers. A key issue in this respect is tailoring the procedures to suit the specifics of the business and the conditions under which the firm operates, so that they do not have a negative impact on the flow of current operations. It is also necessary to heighten staff awareness, particularly in the case of managers, of the threats related to criminal activity, and to alert them to the methods employed by fraudsters.

Our law firm offers a range of services supporting businesses in avoiding the risks connected with attacks by fraudsters. We have experience conducting civil cases where the main goal is to regain funds obtained through fraud if they, in particular if they are located in Poland, as well as criminal cases, including contacts with the prosecutor’s office and banks in the critical initial phase of the investigation. We also conduct training on security of day-to-day operations for managers and staff of finance departments, and assist in developing security procedures and auditing existing procedures.