What is Invoice Redirection?
- Criminals pose as a creditor or supplier and tell you their company’s bank details have changed. The communication will ask you to make all future payments to a new fraudulent account.
- The fraudster may have gained access to compromised email accounts belonging to finance team employees.
- They use knowledge gained from compromised email accounts, such as billing frequency or customer interactions, to create identical looking invoices with similar language and logos, and send these to your customer. When the customer pays the invoice, the money goes straight to the fraudster’s bank account.
- There are several ways for attackers to get access to your mailbox, such as a password spray, an attack that attempts to access many accounts with a few commonly used passwords, or the use of malware and phishing, where attackers send an email with a link to a fake website that’s designed to steal credentials.
What to look out for
- Be vigilant. Check and challenge any request to change account details.
- Treat all requests from suppliers and creditors that request any changes to regular contact information, such as a telephone number, as suspicious.
- Contact suppliers and creditors independently to check the request is genuine. Use contact details you already hold or that have been obtained independently, not those included in the request.
- Don’t make any changes to contact or payment details until you’re certain it’s genuine, even if they’re claiming it’s urgent.
- Once you’ve made a payment, confirm with the intended beneficiary that it’s been received.
- In your out-of-office messages avoid sharing direct business phone numbers, names, titles and email addresses for other members of your organisation.
- Strengthen passwords for access to email accounts. Avoid common phrases and using the same password for everything. A good way to create a strong and memorable password is to use three random words and replacing some letters with numbers and symbols, for example, 42Greenwh@leOcean!
Actions you can take now
- If you use Bankline, enable dual authorisation for payments, templates and bulk lists. Any payments and changes must then be approved by a second user before being made.
- Share this page with employees and colleagues so they know what to look out for. Put security training in place and build a culture of security awareness in your business. You can use our webinars and resources to help.
- For the latest cyber security advice and resources to support your business, visit the National Cyber Security Centre (NCSC).
Always think twice and make double checking second nature
Take Five to stop fraud
Take Five is a national campaign that offers straight-forward and impartial advice to help everyone protect themselves from preventable financial fraud. This includes email deception and phone-based scams as well as online fraud – particularly where criminals impersonate trusted organisations.