Fraudsters are taking advantage of the confusion generated by the coronavirus to increase the number of banking frauds.
According to a Barclays’s security spokesman, Barclays has seen an increase in the level of attacks through beneficiary/payee change requests with fraudsters exploiting payment control weaknesses so that they can redirect payments to accounts they control.
How scam works
Fraudsters request payee changes by phone and email instructions, pretending to work for suppliers or a business associate.
Criminals are equipped with the detailed information they get from social engineering, convincing you into making an urgent payment. These instructions appear to be genuine and can be hard to spot, with only the slightest variations to email addresses or correspondence.
Fraudsters can also use sophisticated methods to hack and monitor email accounts and insert fake emails containing new bank account details.
Ultimately with these particular scams, it’s important to make sure you have robust internal processes in place and they are adhered to in every instance.
Tips to help you stay safe
Here are some practical security measures to help protect your business and keep your payment control processes robust.
- When receiving bank account details to make a payment, pay an invoice, or as a request for a change of bank details, always call a known contact to verify the request is genuine using details held on file, and not on the instructions received
- Always check for irregularities including changes to supplier names and addresses and changes to invoiced amounts. Ensure staff who process payments and have the authority to change bank details are vigilant and appropriately trained
- Set up dual-authorisation procedures for changes of payment information, so more than one person needs to approve them
- Don’t allow staff to be pressured by urgent requests, even if they appear to be from someone senior. Always check with a known contact on a trusted number
- Have a strict payment process in place. Regularly review these internal controls so they are fit-for-purpose.
To avoid this situation, your details must be up to date. For instance, if you bank with any high street banks, you can update them using Online Banking or through their Relationship team.
Want to know more about fraud and scams?
Please make sure you raise the subject of fraud prevention with your banking staff. Banks have dedicated webinars and on-demand content that provides awareness on the key threats to your business from cyber fraud and scams.
Think you’ve been a victim of fraud or scam?
Contact immediately your bank and find out what your next steps will be.