No business wants to be the victim of a cybercrime, and there are several methods how the communication between the exporter and buyer can be hacked or impersonated. One of them is targeted phishing attempts which have become more sophisticated in recent years. EXIM would like to generate awareness among customers about this relatively uncommon yet growing threat that has impacted a small number of Export Credit Insurance policyholders.
A scammer identifies an international buyer that has a trade relationship with a specific U.S.-based exporter. Next, the scammer contacts the buyer over email and/or text message and fraudulently pretends to be the exporter, mentioning that the company’s bank account has changed and requesting the buyer to remit payment for the exporter’s outstanding invoice(s) to the “new” account via provided payment instructions. When the buyer makes a payment, the funds go to the scammer rather than the exporter.
Meanwhile, the exporter is unaware of any of this activity. When the payment due date passes, and the exporter has not received payment, the exporter suspects that its international buyer will not pay for its shipment(s) of goods. The exporter contacts the buyer who tells the exporter they already paid the invoice. The exporter tells the buyer they haven’t received payment. Insured with an EXIM Export Credit Insurance (ECI) policy which protects against buyer nonpayment due to commercial and political risks, the exporter reviews EXIM’s ECI claim filing period to confirm the minimum amount of time needed to file a claim (90 days past the invoice due date) then proceeds with filing one. EXIM’s Claim Processing division reviews the exporter’s claim, but in some cases like this, it could result in partial or full claim denial if the buyer disputes its obligation to pay, based on the policy’s disputes exclusion.
EXIM advises policyholders to communicate the following to their international buyers: “Please only wire transfer to the bank account details you have on file with your supplier and always verify you are paying the same bank account. NEVER pay when anyone sends you new bank details via email or text message. When in doubt, we highly encourage you to call the phone number of your supplier that you know is correct to verify the account you are paying and verify everything with your supplier’s dedicated account manager."
There are also U.S. government resources that provide more information to help protect businesses from phishing, including Secure Our World Resources, a series of tip sheets available in multiple languages from the Cybersecurity and Infrastructure Security Agency (CISA).
To learn how EXIM can protect exporter invoices against nonpayment for goods shipped to an international buyer, please click here to schedule a free consultation with an EXIM trade finance specialist.
