One of our DIFC clients is scammed by fraudulent e-mails
Our Client is a Dubai International Financial Centre (DIFC)-based company conducting global trading in products such as chemicals, perfumes, metals and telecommunications equipment.
Our Client had recently started the process of a public listing in Luxembourg, and wanted to open multiple corporate bank accounts for their DIFC entity as they were facing challenges and administrative delays with their current banking partners, HSBC.
During the course of the engagement, our Client was scammed by a third party, and this was brought to our attention in November 2021.
Initial discussions and due diligence
- At the outset, the discussions with the Client were legitimate and there were no red flags. I raised questions about the corporate structure, the due diligence document requirements and procedures, payment schedule and timelines, etc., to which the Client was very receptive and provided all requisite documents.
- I informed the Client that we could initiate corporate bank account opening only once we received i) a signed engagement letter ii) due diligence documents and iii) 1st instalment of our professional fees.
- Our Client started gathering the due diligence documents, and began engaging with me over WhatsApp for clarity on minor points.
Strange Client behaviour
- Upon receiving our invoice for the agreed services, the Client started pushing us to remove VAT fees from the invoice, as we would be opening an international bank account.
- I promptly explained to the Client that VAT is applicable since it is a UAE company irrespective of where the service is being provided.
- The Client continued to push me to invoice without charging VAT, and mentioned that they were willing to pay to other Healy entities to avoid paying VAT.
- I once again clarified that VAT is applicable as per UAE VAT laws, and Healy Consultants Group would not waive this requirement.
- I received the signed Client Engagement Letter (this is a standard document which we request all clients to complete and send to us) from a ‘fraudulent’ Client email address. The e-mail was worded: “In respect the payments, kindly let us know all the payments we can arrange this week.”
- Unfortunately, I had not spotted the fraudulent email address, which differed slightly from our Client’s e-mail address. Instead, I responded to the ‘fraudulent’ Client email, mentioning that the payment for the 1st instalment was due to initiate the engagement.
- I again followed up with our Client over WhatsApp on the status of the first instalment payment. The Client informed me that the payment had been made, and provided a payment slip. I advised the Client that it might take 3 to 5 working days to confirm the receipt of payment in our bank account.
- I shared the payment slip with our accounting department, to allow them to identify the funds. The team reviewed account activity and confirmed the funds had not been received. They then informed me that the bank account numbers indicated in the payment slip were not our firm’s.
- I immediately informed the Client about this discovery and asked them why they had remitted the funds to a fraudulent Spanish bank account instead of the corporate bank account details that I had shared with them previously.
- The Client shared with me the email chain, showing that he had been communicating with a fraudulent email address almost identical to my Healy Consultants email.
- I immediately cited this and mentioned that neither the email nor the bank account mentioned belonged to Healy Consultants Group. I advised the Client to i) cancel the payment with their bank, ii) perform an internal IT check to catch the breach and iii) verify all communications over phone before taking any further actions.
- I also informed our in-house IT team about the breach and requested them to investigate the matter and confirm if our system had been breached. They confirmed that there was no breach of our server.
Continued strange behaviour from Client
- On the day the fraud was discovered by Healy Consultants Group, the Client changed their WhatsApp number on which they had been communicating with us.
- Our Client emailed me with a request to refund the money, claiming it was a lapse in Healy Consultants Group not being able to confirm payment receipt in 48 hours that led to the fraud. The Client also informed me that they had settled the 2nd instalment of our fee to the ‘fraudulent’ bank account.
- I responded to the Client in detail, clarifying the entire sequence of events and clearly stating that Healy Consultants Group could not refund any payments that we had not received from the Client’s firm.
- Our Client then sent a strange email to me saying any verbal/phone conversation could not be used as proof. He continued to blame Healy Consultants Group for not informing them about the non-receipt of payment within 48 hours as the reason for this fraud.
- I clarified our Client’s comments and confirmed that Healy Consultants Group had only been informed about the payment of the second instalment after the fraud had been discovered. For the avoidance of doubt, I recommended we agree a further course of action in writing by email.
- Our Client sent an email to me requesting to set up a meeting in their Dubai office. I counter-proposed a meeting at our Dubai office, to which the Client did not respond.
Healy Consultants legal safeguards
- Healy Consultants Group’s IT team performed a comprehensive performance check and breach testing of the internal servers to re-confirm there were no security lapses on our end.
- We also filed an e-complaint with i) Dubai e-crime police and ii) Spanish police regarding the breach and fraudulent emails and bank account.
- In addition to the above, Healy Consultants Group also i) informed DMCC (the location of Healy Consultants’ office) and ii) DIFC (the location of our Client’s office) about the fraud and iii) filed a Suspicious Transaction Report with the UAE Central Bank.
- Having reported the chain of events to the authorities, Healy Consultants Group had internal discussions about the fraud and additional security measures were put in place. These included i) rechecking our internal server and further upgrading its security settings, ii) holding a management team meeting in November 2021 to discuss the events and action points, iii) reaching out to cybersecurity firms to conduct an audit of our own internal procedures and policies and iv) uploading a case study of the fraud to protect staff and future Clients from such fraudulent activities.
- Healy Consultants Group continues to evolve and upgrade our systems against the increasing cybersecurity threat for e-commerce businesses.