1. Home Heraeus Group / 
  2. Services / 
  3. Scams and Frauds

Scams and Frauds

Trust and secure communication are essential to how Heraeus works with customers, partners, and stakeholders worldwide. To help protect against fraudulent messages that misuse company names or identities, we provide guidance on how to recognize suspicious communications and verify whether they genuinely originate from Heraeus.

Fraud Awareness

What to look out for

Scams will often originate by email and may take a few forms, including, but not limited to:

  • requests for password or bank account details and links to helpful or relevant websites
  • allegedly urgent need for action (e.g. payments)
  • offering money
  • threatening legal action if the victim does not respond
  • malicious attachments made to look innocuous such as an industry update

A key element of fraud is to deceive the victim and enter some form of communication with them. This involves using the examples from the bulleted lists to trick the victim into taking an action, such as clicking on a link. In general, you should carefully check any link in emails before accessing it.

Fraud Examples

Known fraudulent communications where Heraeus’ name has been used contained the following red flag features:

  • Change in bank account details. Heraeus strongly warns our customers about providing personal information, sending money or disclosing/changing bank details due to any person claiming to represent Heraeus only via email. Heraeus will never advise of a change in our bank account details in the body of an email. If you receive an email of this nature, you should check on the telephone with a Heraeus person known to you before making payment.
  • An unusual originating email address. All authentic Heraeus email addresses use a valid Heraeus domain (see above). Any communication purporting to be from Heraeus but not using this email domain is more than likely fraudulent. Please also be aware that email addresses can be spoofed, so you should check that the reply-to address is not unusual.
  • Email missing invoice attachment. In some cases, a perpetrator may send an email without attaching an invoice, to prompt the recipient to respond to request the attachment, building a degree of rapport or trust.
  • Job offer. Criminals posing as employees/recruiters offer fake job positions and try to obtain sensitive information (e.g., bank details). In some cases, the victim is asked to pay for the job offer or the interview.

A communication containing any of these features is highly unlikely to have originated from any Heraeus entity and should be treated with caution. If you receive an email or invoice with any of these indicators, do not correspond with the sender. Please report the incident to  it-security@heraeus.com immediately.

Please note that the above is not an exhaustive list, and we encourage you to take action with respect to any emails that seem suspicious, whether or not they contain any of the aforementioned features.

Email Security Recommendations

For secure communication we recommend always validating received email purporting to be from Heraeus by the following email security standards:

  • TLS encryption for SMTP connections of mail servers
  • SPF/DKIM/DMARC protocols to verify mail server authenticity
  • Enforced DMARC policy: Incoming emails that fail DMARC validation should be rejected or quarantined
  • [Optional] End-to-end signature & encryption like S/MIME

Reporting Incidents

If you receive a communication purporting to be from Heraeus that you believe may be fraudulent, or you wish to clarify the authenticity of any invoices or emails that appear to have been sent to you by Heraeus, please contact us.

Heraeus IT Security
Send Mail