‘Change of banking details’ fraud – where fraudsters impersonate legitimate suppliers in order to divert payments of invoices into their own accounts – continues to be prevalent and is becoming increasingly sophisticated. Companies need to be aware of this scam and how to implement the proper controls to prevent themselves becoming duped.

How does it work?

Fraudsters masquerade as genuine suppliers by sending forged or manipulated emails or documents to the target business. The fraudster informs the target that the supplier’s bank details have changed and that these new details should be used to settle any future invoices. The target updates their systems and so the next legitimate payment that is made, is then paid into the fraudster’s account. By the time that the actual supplier is chasing for payment, these sophisticated fraudsters have usually moved the money elsewhere and are incredibly hard to trace. 

While the attack often comes from outside the business, increasingly they can also come from inside the organisation via a compromised employee email account. For example, a fraudster may hack into the account of an employee and search their emails for information on suppliers who are about to receive a payment. They could then use the compromised email account to request their finance colleagues update the supplier’s bank account details in the company systems, providing assurances that proper security checks had been undertaken.

What are the warning signs?

It is always worth looking out for anything unusual in email correspondence relating to bank detail changes. Any misspelled words or incorrect grammar should be regarded as suspicious, as should any unusual contact telephone numbers being listed or if email signatures look low resolution or different to normal. If the email address differs (even slightly) from the usual company email format, this should be considered grounds for further investigation. Although it is worth remembering that if the fraudster has compromised an employee’s email account and is targeting the company from within, the sending address won’t raise any red flags as it is a genuine email account, just under the control of a third party.