Criminals are turning to sophisticated methods of scamming businesses out of money, convincingly posing as regular suppliers to trick them into changing supplier bank account payee details.

Despite £93m being lost to invoice fraud last year, over 43% of businesses aren’t even aware of it, let alone the threat it poses.

The process of changing the bank details for someone you’re paying should always be treated with extreme caution.

How it works

A criminal contacts you, posing as a genuine supplier, and asks you to change the bank details you use to pay them. It’s not hard for criminals to investigate your invoice details, even down to payment dates, to make their approach look more convincing. The message will often have a sense of urgency, and ask you to act immediately.

The fraudulent letters and emails they send are well-written, so the fraud is difficult to spot if you don’t have strong operating processes and controls. Email addresses are easy to spoof. If a PC is infected with malware, criminals can access genuine email addresses and take over existing email conversations. Requests made in writing often come on paper with a company’s letterhead to make them look convincing.

Four tips to help you stay safe

1. When you get bank account details by email or letter for making a payment, paying an invoice, or as part of for a notice telling you about a change of bank details, always verbally confirm changes by calling a known contact at the company to confirm the request is genuine, using details you have on file and not the ones in the message.

2. Build a process to check new bank details on invoices. Have a clear procedure for making payments in your business, and make sure all your staff know how these scams occur, particularly those responsible for making payments. If you feel pressured or anxious, take your time and ask for help.

3. Criminals can access or alter emails to make them look genuine – hacking real email addresses is on the increase. Do not use the contact details in an email. Instead, check the supplier’s official website or documents you know are real. Keep vital security software up to date to help protect your company’s devices from viruses and hackers.

4. Help protect yourself against all fraud by making sure we have up-to-date contact details for you and your business.