BATAVIA – A global company in Batavia that designs, manufactures and distributes agricultural equipment reported being defrauded of nearly $115,000 in misdirected payments to one of its accounts, according to Batavia police reports released through a Freedom of Information Act request.
The finance director of AGCO, 1500 N. Raddant Road, reported to police on Oct. 28 that the company paid $114,952 in three payments to a vendor – only to find that the vendor was calling to ask where its payments were, the report stated.
An accounts payable processor received an email on Aug. 21 – purportedly from Thermamax, an Aurora company that makes thermal and acoustic insulation systems – requesting a change in their the bank account, the report stated.
AGCO made a payment of $59,829 on Aug. 28, another payment of $1,933 on Sept. 5 and a payment of $53,190 on Sept. 11 to the changed bank account for Thermamax, the report stated.
Then on Sept. 12, AGCO received an email from Thermamax asking about past due payments, including the payment for $59,829, the report stated.
Thermamax told AGCO that it never sent the previous emails about changing a bank account and that it had not received any of the payments, the report stated.
A voice mail message left with AGCO was not returned.
AGCO also filed a complaint with the FBI Internet Crime Complaint Center, the report stated.
It is a sophisticated scam in which email is used to impersonate a business to request fraudulent payments or access employee payroll information.
The scam has been reported in all 50 states and 177 countries, affecting small, medium and large companies. Reported worldwide losses are $26 billion from June 2016 to July 2019, according to the FBI.
The FBI public service announcements also provide ways to foil this type of crime:
• Frequent monitoring of email exchange servers for changes in configuration and custom rules for accounts.
• Be alert to hyperlinks that may contain misspellings of the actual domain name.
• Training on the Business Email Compromise/Email Account Compromise threat and how to identify a “spear phishing” email. That is, the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
• Contact requesters by phone before complying with an email request for payments or personnel records.
• Consider requiring two parties to sign off on payment transfers.