What's happening?

Fraudsters are using phishing emails to steal usernames and passwords, allowing them to hack your personal or business email accounts.

They then troll and monitor your email account for an opportunity to intercept an invoice. For example, when you are purchasing goods and awaiting an invoice on email, or if your business is sending an invoice by email.

The scammers intercept an email, change the bank details on the invoice and send it on for payment. In many cases, they use spoofing to make the email address seem credible and trustworthy. Spoofing changes a letter or domain in the email address to make it appear legitimate.

The recipient pays the invoice thinking it comes from a legitimate source, when in fact the money is paid into the scammer’s account.

What are the consequences?

This type of fraud can lead to strained business relationships as neither party feels that they are responsible for the fraud. It can also lead to a loss of funds and may take a long time to sort out if there are legal implications.

This scam is prevalent in the conveyancing space. If you are a conveyancer or an estate agent, take extra precautions.                       

How to protect yourself

Here are some tips to help you prevent this fraud:

• If you are running a business, you can pre-empt this type of attack. Let current and new clients know that your banking details will never change. If they receive any correspondence announcing a change in bank details, advise clients to contact you and verify your banking details before they pay.
• You can also consider leaving your bank details off your invoices and calling clients to give them this information instead.
• If you are an individual who is supplying banking details, do not email invoices with bank details. Instead,  give your banking information directly over the telephone.