Protect Yourself from Wire Transfer Fraud: Essential Tips and Insights
Learn how to spot wire transfer scams, protect your finances, and take quick action if fraud occurs. Discover key prevention tips and reporting steps.
A payment redirection scam is a type of fraud where cybercriminals deceive victims into making payments to fraudulent accounts.
Since the criminal impersonates a business or its employees via email, this form of payment redirection fraud is sometimes referred to as business email compromise (BEC).
Small and medium-sized businesses in Australia lost $91.6 million to these scams in 2023, and the FBI called BEC the $50 billion scam in a recent public service announcement.
Here is a general overview of how payment redirection scams work in practice.
Before the scam is carried out, malicious actors research the target. They will collect information on the company and its employees as well as its clients, vendors and other key stakeholders.
Based on the above, scammers craft fake but convincing emails that appear to come from trusted sources. In more elaborate schemes, the emails mimic the tone and communication style of the person involved.
Spoofed email addresses are also used where characters vary only slightly. For example, a “1” may be used in place of an “l”.
In business email compromise scams, emails may be sent from a legitimate email account that has already been compromised by the criminal.
Fraudulent emails are then sent with a request that relates to money in some way. One email may request an urgent payment on an invoice, while another may ask HR to direct an employee’s salary to a different account.
Some criminals (who have been monitoring email communication for some time) will contact the target with an email similar to one the target may be expecting. The hope is that the target fails to notice discrepancies in email addresses, payment details or other verifiable information.
Believing the suspicious email to be legitimate, the target then directs payment to the scammer’s account.
To conclude, let’s take a look at a few of the red flags of a payment redirection scam and how to avoid them altogether.
Criminals often impersonate suppliers and will attach notes to fake invoices with new BSB and account numbers. Every other aspect of the invoice is identical, including the number, amount due and even the email address it was sent from.
Before making the payment, it is vital the employee verifies the request with the person who sent it (even if the person is known to them). This must be done with contact details the employee has sourced themselves.
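The two red flags described above, a sender address that differs by a look-alike character and an otherwise identical invoice carrying new bank details, can be checked automatically before a payment is released. The following is an added example, not part of the original article; the vendor record, domain, BSB and account numbers are constructed, and `VENDORS`, `skeleton` and `check_invoice` are hypothetical names.

```python
import re

# Characters commonly swapped in look-alike addresses (the article's example is "1" for "l").
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})

# Hypothetical vendor master file: details confirmed with the supplier out of band.
VENDORS = {
    "V-100": {"domain": "acmesupplies.example", "bsb": "062-000", "account": "12345678"},
}

def skeleton(domain):
    """Fold confusable characters so 'acmesupp1ies' and 'acmesupplies' compare equal."""
    folded = domain.lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")

def digits(value):
    """Strip separators so '062-000' and '062000' compare equal."""
    return re.sub(r"\D", "", value)

def check_invoice(vendor_id, sender, bsb, account):
    """Return the red flags raised by an incoming invoice email."""
    known = VENDORS[vendor_id]
    flags = []
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if sender_domain != known["domain"]:
        if skeleton(sender_domain) == skeleton(known["domain"]):
            flags.append("lookalike_sender_domain")
        else:
            flags.append("unknown_sender_domain")
    # A compromised but genuine mailbox passes the sender check, so the bank
    # details are always compared against the stored record as well.
    if (digits(bsb), digits(account)) != (digits(known["bsb"]), digits(known["account"])):
        flags.append("bank_details_changed")
    return flags

if __name__ == "__main__":
    # Constructed sample invoices: (sender, BSB, account number).
    samples = [
        ("accounts@acmesupplies.example", "062-000", "12345678"),
        ("accounts@acmesupp1ies.example", "062-000", "12345678"),
        ("accounts@acmesupplies.example", "063-111", "87654321"),
    ]
    for sender, bsb, account in samples:
        print(sender, bsb, account, check_invoice("V-100", sender, bsb, account))
```

Any non-empty result should hold the payment until the request has been verified with the supplier using contact details the employee has sourced themselves.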
PayID, multifactor authentication (MFA) and dual payment approval processes are three ways for businesses to send money securely.
When this happens, employees should refrain from complying until the payment history and prior emails have been analysed. Past invoices should be examined and bank details verified with the supplier.
Employees must also avoid acting hastily when prompted to rush a decision. The creation of a false sense of urgency is common in payment redirection scams.
Scammers often impersonate the CEO, CFO or some other notable staff member to gain the target’s trust.
To avoid this tactic, the employee must verbally verify the request with the individual in question – no matter who the sender may be or how convincing their message.
Employees should be extra wary if the person reaches out unexpectedly or on a platform they don’t typically use.