Fraudsters hacking into emails to divert payments

Imagine that one of your suppliers emails you to notify you that their bank details have changed, and asks you to make future payments using the new details… Sounds plausible enough, doesn’t it?

How about your solicitor receiving an email on the day of sale completion for your house move, informing them that bank account details have changed at the last minute and that money should be put into a different account?  There’s hardly time to question a detail like that on such a busy day…

These are real scenarios happening regularly, only the email is not coming from the person you think it’s coming from. Hackers have been using other people’s email accounts to find out when large sums of money are to be transferred, and then diverting them into their own accounts. The emails are very believable – firstly, they come from your genuine supplier’s email account (you don’t know it’s been hacked), and secondly, because hackers look at email conversations beforehand, they use exactly the same wording as the legitimate sender would. The consequences, of course, are devastating to the victims, costing thousands upon thousands of pounds, and untold inconvenience.

Of course, by the time you realise that the money hasn’t arrived in the right place, the criminals have drained the money from the account they asked you to transfer it to, and disappeared.

They often send the scam emails late on a Friday, giving them more time to avoid detection as people are less likely to check their bank accounts over the weekend, and banks are less responsive at this time.  Because of this, the scam is also often dubbed the “Friday afternoon fraud”.

While fraud victims are usually refunded by banks if they aren’t at fault, people who transfer money to a criminal’s account – even if they are unaware that they are doing this – do not have the same protection because banks say the money has been handed over voluntarily.

Protecting yourself from frauds like these requires a two-pronged approach:

  • The first is to make sure that you have the latest updates of anti-virus and anti-malware software and the latest security patches for all software, have firewalls in place, use secure passwords and so on. In other words, have your IT well protected. Give us a ring for more details if you have any doubt about the security of your computers.
  • The second is to be aware of these tactics used by fraudsters, and to make sure that your staff are too. Make sure no-one responds to a request to transfer money to a different bank account without verifying it first (why not phone through to your supplier to check that it really was from them?). Sadly, it pays to be cynical and question everything. It’s better to double-check and look silly than not to do it and seriously regret it afterwards.

If you become aware that a fraud like this has taken place, you can report it to Action Fraud, the UK’s national fraud and cyber crime reporting centre, run for the Police.

