Attempted online fraud stopped at Carbfix

25 Jun 2025

25 Jun 2025

Attempted online fraud stopped at Carbfix

Attempted online fraud stopped at Carbfix

A reminder of the importance of implementing security measures for communication systems.

A reminder of the importance of implementing security measures for communication systems.

Carbfix recently received information that the company's name had been used in an attempt to defraud funds from Carbfix's partners. An attempt was made to send instructions to Carbfix's partners that payments should go into the accounts of online fraudsters and not into Carbfix's accounts. This did not happen, but the attempt, which looked like an e-mail from Carbfix, is a reminder of how important it is to implement security measures for communication systems and carefully verify information in international transactions, e.g. by carefully checking the sender's email address and contacting them through other communication channels to verify information if needed.

The security of Carbfix's systems has been reviewed and procedures have been changed to reduce the likelihood that similar attempts at online fraud will be successful in the future. Carbfix emphasizes that invoices to domestic entities are received electronically, if they receive such invoices, otherwise the invoice is sent as an attachment by email and not in the email itself.

The experiment was also reported to CERT-IS, the Icelandic government's cyber security team, whose role is to coordinate responses and educate people on what to look out for when it comes to cyber security. You can read more about it here https://cert.is/fraedsla/