We wish to inform you that we have noticed from a number of customers and suppliers that emails have been sent to them in the name of Orga. These so-called “spoofing emails” are sent by criminals and do not originate from Orga. As we know so far, no damage was done to any of our customers or suppliers as they have noticed that these mails were fake and followed clear internal procedures. However, it could have severe financial consequences in case you do fall for a spoofing email.
We trust you have your own procedures in place for any financial related requests, but we feel it is our obligation to warn you about these criminal practices. We would also like to draw your attention to our procedures regarding bank details and changes.
At Orga, we do not expect changes to our banking details. If the situation arises in the future of a bank details change, please note that our procedure is as follows:
A signed letter on Orga letter paper will be sent to your financial department in two copies, one by email in PDF format, and one hardcopy of the same letter will be sent by traditional post. In all cases verify all details in the letter with the details you have on record.
In addition, we strongly advise you to do an extra verification by phone with our financial department. Please use your known contact person and phone number for this check.
In case you receive an email that looks as if its not coming from Orga, please check the headers of the email so that you can verify if the mail is being sent by the domain and mail server you expect it from. You can also check if the address where you can reply to is the same as the address of the sender. We trust your IT department can be of assistance in case of questions.
Unfortunately these criminal practices happened recently in a number of industries as it is relatively easy to fake an invoice. It is recommended you always verify the bank details on the invoices you receive from any supplier with the details you have on record. Criminals often change email address just slightly so that their practices go unnoticed. For example, changing the reply to address firstname.lastname@example.org or email@example.comI (with a capital i). Or changing firstname.lastname@example.org into email@example.com.
In case you discover a fake email, you can ask your IT department to block the IP address.
We hope this email and following appropriate internal measure will raise your attention for these criminal practices. In case you have questions, please do not hesitate to contact us.