Payment diversion fraud
Business email compromise and payment diversion fraud are sophisticated cyber crimes that target individuals and businesses, aiming to deceive them into transferring funds or sensitive information to cybercriminals posing as legitimate entities. These scams often involve impersonation tactics, compromising email accounts, and manipulating communication to divert payments or sensitive data.
How to spot business email compromise and payment diversion fraud:
1. Email spoofing: Fraudsters may spoof or mimic email addresses of legitimate contacts within your organisation or suppliers/vendors.
2. Urgency and confidentiality: Scammers create a sense of urgency, requesting immediate action or stressing the need for confidentiality to prevent scrutiny.
3. Altered payment instructions: Fraudulent emails provide altered bank account details, redirecting payments intended for legitimate transactions to accounts controlled by criminals.
4. Impersonation of executives or suppliers: Cybercriminals impersonate CEOs, CFOs, or trusted suppliers, convincing employees to initiate wire transfers or disclose sensitive information.
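For teams that screen inbound mail, the indicators above can be checked automatically before a payment request reaches finance staff. The following is an added example, not part of the original guidance; the domains, account numbers, keyword list and the 0.9 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: sender domains and supplier bank details already on record.
KNOWN_DOMAINS = {"supplier.example", "ourcompany.example"}
SUPPLIER_ACCOUNTS = {"supplier.example": {"12345678"}}
URGENCY = re.compile(r"\b(urgent|immediately|asap|confidential)\b", re.I)
ACCOUNT_NO = re.compile(r"\b\d{8}\b")  # UK-style 8-digit account number

# Constructed sample message (not a real email).
SAMPLE = """\
From: Accounts <accounts@suppl1er.example>
Reply-To: accounts-dept@mailbox.example
Subject: Updated payment details - urgent

Our bank details have changed: sort code 00-00-00, account 87654321.
Please keep this confidential and pay immediately.
"""

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def lookalike(domain):
    """Return the trusted domain that an untrusted domain closely resembles."""
    if domain in KNOWN_DOMAINS:
        return None
    for known in KNOWN_DOMAINS:
        if SequenceMatcher(None, domain, known).ratio() >= 0.9:
            return known
    return None

def bec_indicators(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    imitated = lookalike(from_dom)
    if imitated:  # indicators 1 and 4: mimicked address of a known contact
        findings.append(f"lookalike-domain:{from_dom}~{imitated}")
    if reply_dom and reply_dom != from_dom:  # replies diverted elsewhere
        findings.append(f"reply-to-mismatch:{reply_dom}")
    if URGENCY.search(msg["Subject"] or "") or URGENCY.search(body):  # indicator 2
        findings.append("urgency-or-confidentiality")
    trusted = SUPPLIER_ACCOUNTS.get(imitated or from_dom, set())
    new_accounts = set(ACCOUNT_NO.findall(body)) - trusted  # indicator 3
    if new_accounts:
        findings.append("new-bank-details:" + ",".join(sorted(new_accounts)))
    return findings
```

Any finding should route the request to the out-of-band verification described below rather than block it outright, since legitimate suppliers do occasionally change bank details.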
Protecting yourself and your business:
1. Reduce your digital footprint: Criminals use social media to gather information about staff members and key decision makers within an organisation, which they use to make phishing emails more convincing. This includes information on birthdays, interests, friend groups, etc. This information is known as your digital footprint. All staff, especially senior management, should review the privacy settings on their social media accounts and consider removing any compromising information which can be used by criminals.
2. Verify payment requests: Always verify any payment or fund transfer requests through secondary communication channels (e.g., phone calls or in-person meetings) with known contacts.
3. Establish verification protocols: Implement a verification process that involves multiple individuals before executing any fund transfer or sensitive transaction.
4. Educate employees: Train staff members to recognise suspicious email characteristics and to be cautious with financial information, emphasising the importance of verifying requests.
5. Use Two-Factor Authentication (2FA): Enable 2FA on email accounts and financial systems to add an extra layer of security against unauthorised access.
6. Monitor account activity: Regularly monitor financial accounts and transaction histories for any unusual or unauthorised activity.
7. Secure communication channels: Use encrypted communication channels for transmitting sensitive financial information or conducting transactions.
8. Update security software: Ensure that antivirus, anti-malware, and email security software are up to date to protect against phishing attempts and malware.
What to do if you suspect fraud:
1. Report to us: Report incidents of suspected fraud to Report Fraud at 0300 123 2040 or report it to us online.
2. Notify financial institutions: Contact your bank or financial institution to alert them of potential fraud and follow their instructions for securing your accounts.
3. Internal investigation: Conduct an internal investigation to determine the extent of the breach and implement measures to prevent future incidents.
Conclusion:
Business email compromise and payment diversion fraud pose significant risks to businesses and individuals, often resulting in financial losses and reputational damage.
By staying vigilant, implementing robust security measures, and educating employees, you can reduce the likelihood of falling victim to these sophisticated scams. Prompt reporting and cooperation with authorities are crucial steps in mitigating the impact of fraud attempts. Protect yourself and your business by remaining informed and proactive against evolving cyber threats.