By hacking your email account, they intercept and redirect invoices, and then alter the banking account details to defraud you.
How the scammers do it
The scammers often get your username and passwords through phishing emails and then hack your personal or business email account.
They troll and monitor your email account for an opportunity to intercept an invoice. For example, when you are purchasing goods and awaiting an invoice on email, or if your business is sending an invoice by email.
The scammers intercept an email, change the bank details on the invoice and send it on for payment. In many cases, they use spoofing to make the email address seem credible and trustworthy. Spoofing changes a letter or domain in the email address to make it appear legitimate.
The recipient pays the invoice thinking it comes from a legitimate source –when in fact the money is paid into the scammer’s account.
What are the consequences?
This type of fraud can lead to strained business relationships as neither party feels that they are responsible for the fraud. It can also lead to a loss of funds and may take a long time to sort out if there are legal implications.
This scam is prevalent in the conveyancing space. If you are a conveyancer or an estate agent, take extra precautions.
Do not be a victim
Here are some tips to help you prevent this fraud:
If you are running a business, you can pre-empt this type of attack. Let current and new clients know that your banking details will never change. If they receive any correspondence announcing a change in bank details, advice those to contact you and verify you are banking details before they pay.
You can also consider leaving your bank details off your invoices and call clients to give them this information instead.
If you are an individual who is supplying banking details, do not email invoices with bank details. Rather give your banking information directly over the telephone.
Receive Focus insights straight to your inbox