Beware email payment fraud
E-mail interception is becoming an ever-growing problem in the world of cyber fraud.
We usually hear about this occurring in the conveyancing industry given the large value of transactions, affecting home buyers/sellers and solicitors, however we are now seeing this type of fraud regularly across all industry types for transactions of varying sizes.
What is email payment fraud?
By hacking email accounts, fraudsters are able to intercept email correspondence between businesses and their clients.
Where bank details are included within an email, or more typically in an invoice attached to the email, the fraudster can almost seamlessly amend the payment details to that of their own bank account.
This can lead to a deterioration in the business/client relationship, as neither party feels it is their fault.
What can you do as a supplier?
To prevent hackers from accessing your systems in the first place, ensure you have robust, up-to-date cyber security systems and ensure that your WiFi is protected with a password.
If possible you should exclude payment details from invoices and emails and instead provide these details over the phone as a means to prevent email payment fraud, however this is not practical for businesses with a large volume of customers.
We recommend that businesses communicate to all existing and new clients that their bank details will never change, and include a statement to this effect on all email and letter correspondence, as a continuing reminder.
There are also some business insurances that cover cyber fraud.
What can you do as a buyer?
There are a number of preventative actions that you can take as a buyer:
- If a business emails you and the bank details have changed from what you are expecting (check them against previous payments made), call the business using a number you already hold or have taken from their website to verify the account details. Do not reply to the email or use the contact details provided within the email, as these details could also be false if the email is fraudulent.
- As well as intercepting emails to clients, hackers can send emails that appear as though they have come from other staff members internally, perhaps the CEO, requesting a payment be sent to a supplier. If there is any uncertainty over the validity of the email call the individual in question to confirm.
- Be wary of any pressure to make payment.
- Check the email address from the sender – they may have made a very minor amendment to the usual email address used to make it appear legitimate.
- Educate your employees so they can spot a fraud attack of this kind.
If you are ever unsure, telephone your normal business contact to verify the payment details.
Recent positive steps – scam victims to be refunded by banks
Only this week it was announced that some banks have made effort to alleviate the often-devastating effects of fraud by committing to a voluntary code. This code should mean that more victims will be reimbursed in cases when neither the bank nor the customer are deemed to be of blame. Previously, banks only tended to reimburse people if there was an obvious fault in the way the payment was handled by the bank but now anyone who has taken reasonable care, or has any element of vulnerability, is much more likely to receive a refund of the lost money. It will be interesting to see though what is considered to be “grossly negligent” by the banks, what other banks will sign up to the code, and whether or not it will eventually be given mandatory status. Read the BBC article here.
For further information please speak with your usual Kreston Reeves adviser, or Jodie Jones here or on +44 (0)330 124 1399.
Join over 8000 businesses and individuals who receive our complimentary e-bulletins by signing up here.
Subscribe to our newsletters
Our complimentary newsletters and event invitations are designed to provide you with regular updates, insight and guidance.
You can unsubscribe from our email communications at any time by emailing firstname.lastname@example.org or by clicking the 'unsubscribe' link found on all our email newsletters and event invitations.