Knowledge Hub Cyber Scams: Payment Diversion Fraud

Cyber Scams: Payment Diversion Fraud

Laptop with fish hook taking money graphic
Laptop with fish hook taking money graphic

Recently, we have seen a rise in a particular type of phishing attack on businesses. The attacker impersonates a supplier to inform a customer that their bank details have changed. The customer then sends payment to the attacker, and not the supplier. This is known as payment diversion fraud.

What is Payment Diversion Fraud?

Step One

The attacker accesses an unsecure network or email account.

Step Two

The attacker monitors emails between suppliers and customers. This can sometimes continue for weeks or months. They will learn about the relationship and how the supplier communicates with its customers.

Step Three

When the opportunity arises, the attacker intercepts an email chain regarding a customer purchase. They impersonate the supplier and email the customer stating that their bank details have changed, and they must now send payment to the updated bank details.

As a result, the customer sends payment to the hacker’s bank account. This is then transferred immediately from the account and the money is lost.

How to avoid this happening to you:

From a supplier point of view, make sure your email accounts are secure. All staff should have multi-factor authentication on and use passwords that:

  • Are not used on other sites
  • Are long and use a mix of characters (letters, numbers, and symbols)
  • Are made up of three random words

Additionally, if you get a sense that something suspicious is happening, for example, your laptop is operating slower than usual or you notice any unusual activity, always report it.

As a customer, if you ever receive an email or telephone call stating that a supplier’s bank details have changed, contact the supplier directly to confirm this with them. We’d recommend using their website to find their contact details as the attacker may have even changed the contact details on their email signature.

What is Phishing?

Phishing is a form of cybercrime which targets victims by email, SMS or telephone. Criminals will pose as legitimate organisations to trick you into revealing sensitive data, such as bank details or passwords. This then results in identity theft or financial loss.

What is Multi-Factor Authentication (MFA)?

Multi-factor authentication (MFA) is an authentication method that requires two or more verification factors. This means that when you want to login to an account or a site, you’ll enter your password, and you’ll need to enter a secondary access key.

What is a Password Manager?

A password manager is a site or app which stores your passwords in one place. You will need to log in to your password manager before using it. But this is the only password you’ll need to remember.

All FAQs
Fish on a fishing rod and envelope graphics

Guide: How to Recognise Phishing Attacks

For more information on how to recognise phishing attacks, read, watch, or download our free guide.

Latest Guides

Microsoft 365 Monthly Feature Update. Microsoft Logo.
Microsoft 365 Monthly Feature Update
Check out our top three Microsoft 365 feature releases each month.
Read more
Microsoft File Version History
How to Restore a Previous File Version
Looking for a previous version of a file? Here's how to recover it.
Read more
Jess speaking into headset at her desk in the Breakwater office.
What is the PSTN Switch Off?
In January 2027, the Public Switch Telephone Network (PSTN) will be switched off.
Read more