Recently, we have seen a rise in a particular type of phishing attack on businesses. The attacker impersonates a supplier to inform a customer that their bank details have changed. The customer then sends payment to the attacker, and not the supplier. This is known as payment diversion fraud.
What is Payment Diversion Fraud?
The attacker gains access to an insecure network or email account.
The attacker monitors emails between suppliers and customers. This can sometimes continue for weeks or months. They will learn about the relationship and how the supplier communicates with its customers.
When the opportunity arises, the attacker intercepts an email chain regarding a customer purchase. They impersonate the supplier and email the customer stating that their bank details have changed, and they must now send payment to the updated bank details.
As a result, the customer sends payment to the attacker’s bank account. The money is then transferred out of that account immediately and is lost.
How to avoid this happening to you:
From a supplier point of view, make sure your email accounts are secure. All staff should have multi-factor authentication on and use passwords that:
- Are not used on other sites
- Are long and use a mix of characters (letters, numbers, and symbols)
- Are made up of three random words
Additionally, if you get a sense that something suspicious is happening, for example, your laptop is operating slower than usual or you notice any unusual activity, always report it.
As a customer, if you ever receive an email or telephone call stating that a supplier’s bank details have changed, contact the supplier directly to confirm this with them. We’d recommend using their website to find their contact details rather than the details in the email, as the attacker may even have changed the contact details in the email signature.
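As an added illustration (not part of the original post) of how the customer side can back up this advice with tooling: a small Python triage check that holds any incoming message asking for a change of bank details for out-of-band confirmation, and records header anomalies as extra reasons. The supplier domains, addresses, allow-list and message texts are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages for this example (not taken from the original post).
LEGIT_INVOICE = """\
From: accounts@acme-supplies.example
To: payables@customer.example
Subject: Invoice 1042

Please find attached invoice 1042, which is due in 30 days.
"""
DIVERSION_ATTEMPT = """\
From: accounts@acme-supplies.example
Reply-To: accounts@acme-supplies-billing.example
To: payables@customer.example
Subject: RE: Invoice 1042

Please note that our bank details have changed. Kindly remit payment
for invoice 1042 to the updated account shown below.
"""
# Hypothetical allow-list of sending domains for vetted suppliers.
KNOWN_SUPPLIER_DOMAINS = {"acme-supplies.example"}
# Wording that typically accompanies a request to change the payee account.
BANK_CHANGE_PATTERN = re.compile(
    r"\b(bank|payment|account)\b.{0,60}?\b(chang|updat|new)\w*",
    re.IGNORECASE | re.DOTALL,
)

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def assess(raw_message):
    """Reasons to hold the message for out-of-band payee verification ([] = none)."""
    msg = message_from_string(raw_message)
    if not BANK_CHANGE_PATTERN.search(msg.get_payload()):
        return []
    # Every change-of-bank-details request is held: mail sent from a compromised
    # genuine mailbox has clean headers, so content alone must trigger the check.
    reasons = ["requests a change of bank details"]
    from_domain = domain_of(msg["From"])
    reply_domain = domain_of(msg["Reply-To"])
    if from_domain not in KNOWN_SUPPLIER_DOMAINS:
        reasons.append(f"sender domain {from_domain} is not a vetted supplier")
    if reply_domain and reply_domain != from_domain:
        reasons.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    return reasons
```

The header checks only add context; the hold itself is triggered by the content, because mail sent from a genuinely compromised supplier mailbox will pass every domain check and only the phone call to a number from the supplier's website settles it.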