Cybercrime is aﬀecting all industries, but the commodities sector is particularly vulnerable. Given the enormous movement of cargoes and cash, there is a high risk of incurring a substantial loss if you become the victim of a fraud. Attacks are increasingly sophisticated, but there are some basic precautions that can be taken. In this article, we look at email and the problems it can create. We also outline some simple ways you can manage this threat.
Over the past year, we have been onboarding hundreds of companies onto the TradeCloud platform. One frequent talking point with clients is Cyber Security. We regularly receive questions such as “Is your site secure?”, “Where do you store your data?”, “Is the information encrypted?” These questions come about as people become increasingly wary of data security.
Over the past few years, the metal industry has been the victim of headline-hitting frauds such as the aluminum case in Qingdao and the nickel case in Korea. In both instances, warehouse receipts were reproduced and the perpetrators of these crimes received payments multiple times for the same metal.
Such crimes have partly come about due to the industry’s continued reliance on paper documents – Contracts, Bills of Lading, Certiﬁcates of Origin, Warehouse Receipts, Insurance certiﬁcates, Letters of Indemnity to name the most common. Despite the massive technological shift that we have been witnessing over the past 20 years, the commodities industry has been slow to adapt and continues to use physical paper to patch things up.
Whilst these events have raised awareness of the risks of paper title documents, we have discovered a much more common menace, which is happening on an almost daily basis. We have been told by many customers that they have faced multiple attacks on their systems and in particular, their email communications have been compromised. One of the most regular and simple frauds we have been told about is invoice fraud.
Below are the basics of how fraudsters operate :
• The commodity supplier raises an invoice for the goods shipped under the contract
• The supplier then converts that invoice into a PDF and attaches it to an email
• The email is then sent to the supplier
• The fraudster uses various techniques such to copy the invoice data and/or block its’ direct transmission to the customer
• The fraudster then changes the bank account details on the invoice and forwards a new invoice by email to the customer [cleverly disguising himself as the supplier]
• The customer receives the invoice and unknowingly pays the money to the fraudster’s nominated bank account
• The fraudster receives the money and launders it through multiple banks
• Confusion ensues between the supplier and the customer as to where the money went
• The lawsuits and insurance claims begin
• The fraudster disappears and the money becomes unrecoverable
Of course, in many instances, people are vigilant enough to notice when the payment terms are changed, but unfortunately, this is not always the case.
In general, people don’t advertise that they have been the victim of cyber fraud as they do not have an immediate solution to the problem.
Instead, they will increase the number of manual checks they perform in the hope that they will catch such a similar hoax in the future. However, this increases the processing cost without fundamentally eliminating the problem.
A few basic tips we suggest to reduce the risk:
1) Inform your suppliers in writing of your bank account details and send them by post
2) Inform your suppliers that you never change your bank account details and if you do change them, they will be informed in writing by post
3) If you send documents by email that contains sensitive information, always password protect them
4) Avoid sending any documents via email that contain sensitive information, such as bank account details
5) Always apply the latest software patches. This should be done via automatic shutdown and reboot of all devices on your network
Email is often the weakest link in the IT chain. The problem with email is that once it leaves your IT environment it can be easily copied. With all of us receiving so many emails every day, it can be easy to miss something malicious.
If you reﬂect for one moment on retail banking and their move to digital, you will notice that all critical information and communication is within their IT environment. You need to log in with at least a two-factor identiﬁcation to view your details and make instructions. Banks today never process a payment instruction based on an email.
At the very least, they will call you back for reconﬁrmation. Again, any manual service is ineﬃcient and costly and as a result, banks are moving their customers increasingly to digital. The commodities industry is highly competitive and increasingly under cost pressure. Manual processes are expensive and often ineﬀective against cybercrime.
At TradeCloud our goal was to build a communications platform speciﬁcally designed for the commodities industry. This meant that data security was our top priority. As highlighted above, the key to keeping communications private is to keep them within a secure environment. The TradeCloud environment is a closed system, making it far less susceptible to attack. So, if you want to signiﬁcantly reduce the risk of your data being intercepted, you should send it on TradeCloud Chat. The TradeCloud messaging system is free to use, allows you to attach documents and has security features throughout.
Furthermore, TradeCloud Chat can be fully monitored by your compliance department via our partner Global Relay – the leader in global communication monitoring.
The TradeCloud Chat is just one feature amongst many we have created for a more secure and compliant environment for the commodities industry of the future. If you would like to learn more about how we are going about this, please feel to contact us via [email protected]
TradeCloud is a communications platform designed speciﬁcally for the physical commodities industry. It provides a secure and compliant environment, open to all market participants. This helps TradeCloud members ﬁnd the commodities they need at competitive prices.
TradeCloud has plans to provide a network of post-trade services such as logistics, ﬁnance, and documents, all connected on the TradeCloud Commodities Web, centered around blockchain technology.
For more information, please visit our website.