Organisations are at risk of falling prey to a very clever bank payment fraud that takes advantage of a compromised email system.
The fraudster will get control of one of your suppliers’ computers and monitor the email traffic for some time. Once they have established a pattern, they can send you an email advising you to transfer future payments to a new bank account. This is a key element of the bank payment fraud. They are able to get control of the computer by a number of means: malware, phishing or even insider information.
You would naturally change the bank account payment details and process future payments, not realising that the money is being transferred to the fraudster’s account. The bank is normally in Hong Kong. From there the money is usually quickly transferred to another bank in another country. Retrieving the funds is very difficult as you need to deal with courts and banks in foreign countries. Timing is critical.
What to do?
- Call every supplier that requests a change to their banking details and confirm the change with them
- Install business grade antivirus and antimalware software on every computer
- Alert all accounts staff to these kinds of frauds so they are aware of the risks. Read this example.