Neuways continues to see a number of email scams relating to banking details.
By hacking email accounts, scammers can intercept invoices and change the payment details of individuals and businesses.
Do Not Open, Click, Or Respond
Fraudsters are using phishing emails to steal usernames and passwords, allowing them to hack personal or business email accounts. They then monitor email accounts for an opportunity to intercept an invoice.
This works by a scammer intercepting an email, changing the bank details on the invoice, and sending it on for payment. In many cases, they use spoofing to make the email address seem credible and trustworthy.
The victim then pays the invoice, thinking it comes from a legitimate source, when in fact the money is paid into the scammer’s account.
If you receive an email requesting you to make pending payments to different bank details (different account, sort code, BACS) then it is highly likely this is an attempt to trick you into handing money over to cyber criminals.
Such scams cost consumers and businesses hundreds of millions of pounds, according to UK Finance. It’s known as “push-payment fraud”.
Often the email received can look rather basic, not contain a properly formatted email signature or even come from a spoofed address.
When emails come from compromised accounts where genuine emails have been intercepted and changed, they are much harder to spot.
Both are likely to be phishing emails attempting to defraud your business of its confidential personal and financial details.
Do not click or respond.
It’s highly irregular for any business to ask for financial details via email, and any request should be regarded with extreme caution and suspicion.
Darren’s Simple Steps to Stay Safe
Vigilance is the only protection from ‘payment’ fraud – I recommend these simple steps to stay safe:
- Always check bank payment details you have on file; do not make a payment based on bank details printed on an invoice or contained in an email.
- Never pay ‘new bank details’ without seeking clarification, by calling the company you need to make a payment to.
- Never call using contact details provided in the email; check your files or the internet for the relevant contact number.
- Never reply to emails requesting financial information unless you are certain they are legitimate.
If in doubt, don’t risk opening, clicking, or responding to the email. Contact the help desk for more information.