Payment Diversion Fraud – protecting your data
Financial crime can affect any of us in both our work and personal lives. We’re taking a closer look at Payment Diversion Fraud – one of the most common types of financial crime – to help you better protect yourself and our business.
Financial Crime is defined as any kind of criminal conduct relating to money, financial services or markets.
Knowing what to look out for and what action to take can help you to better protect your business from these risks both professionally and personally.
Payment Diversion Fraud
Fraud is the most recognised type of financial crime and ‘payment diversion fraud’ otherwise known as authorised push payment (APP) is a when criminals deceive a victim into transferring money to a scammer instead of the intended recipient. There are three main types:
- Mandate fraud: A fraudster contacts you pretending to be client or supplier. The fraudster advises that the bank details have changed and asks you to update your records. After which all payments associated with the client or supplier will be paid to the fraudster’s bank account.
- False payment instructions: This is where someone hacks into emails and sends false payment instructions so money is paid into a fraudsters account. This can also include hacking or masking email communications between the company (or you).
- Fraudulent bank communications: You may receive a communication from a fraudster claiming to be a bank. The person responsible has normally obtained certain details of confidential bank account information, personal or company, and therefore appears credible. This can lead you to reveal further bank account security details enabling the fraudster to make unauthorised online payments.
Payment Diversion Fraud during Covid-19
Sadly in the current climate, fraudsters are using the Covid-19 pandemic to facilitate Payment Diversion Fraud, using email titles such as ‘vaccine queue jumping’ to attempt to entice people to click on phishing emails.
A number of people have also reported receiving phone calls, texts or emails allegedly from banks and/or HMRC (stating tax due is to be paid), and then pressure is exerted to attempt to get the recipient to click on links or give out details, which will then leave them vulnerable to a fraud attack.
Below is some helpful information on how to spot Payment Diversion Fraud attempts at any time.
What to look out for
Much like with cybercrime, fraudsters are getting increasingly more sophisticated in their methods of obtaining information to enable them to carry out payment diversion fraud, but there are some tell-tale signs that you can look out for:
- Pressure or coercion – exerted either by email or on telephone calls to try to make you action bank account changes or payments quickly
- Unrecognised or masked email addresses – these either don’t match the sending company or by hovering over a ‘mail to’ link will show the underlying recipient’s email address, so you can check the address an email will be sent to.
- Falsified letters or emails – letters or emails often contain false contact details that divert to the fraudster when a company or individual calls or emails to confirm the change., Always check the validity of an invoice using known contact details that don’t come from the invoice.
Remember, although letters or emails may have an official company logo at the top, this is often readily available on the internet, it may not still be on official letter headed paper.
- Pretext calls – before sending fake instructions, a fraudster will often make so called ‘pretext’ telephone calls to try and get information which will then be used to increase their chances of success, including asking for names or direct telephone numbers of people. Be vigilant of such calls and don’t give away names of people who work for the company to unverified callers.
Speak to CCS Insurance Services to find out more about how we can protect you and your business against the financial and reputation impact of fraud.