Recently, we have seen a rise in a particular type of phishing attack on businesses. The attacker impersonates a supplier to inform a customer that their bank details have changed. The customer then sends payment to the attacker, and not the supplier. This is known as payment diversion fraud.

What is Payment Diversion Fraud?

Step One

The attacker gains access to an unsecured network or email account.

Step Two

The attacker monitors emails between suppliers and customers. This can sometimes continue for weeks or months. They will learn about the relationship and how the supplier communicates with its customers.

Step Three

When the opportunity arises, the attacker intercepts an email chain regarding a customer purchase. They impersonate the supplier and email the customer stating that their bank details have changed, and they must now send payment to the updated bank details.

As a result, the customer sends payment to the hacker’s bank account. The money is then transferred out of that account immediately and is lost.

How to avoid this happening to you:

From a supplier's point of view, make sure your email accounts are secure. All staff should have multi-factor authentication enabled and use passwords that:

  • Are not used on other sites
  • Are long and use a mix of characters (letters, numbers, and symbols)
  • Are made up of three random words

Additionally, if you get a sense that something suspicious is happening, for example, your laptop is operating slower than usual or you notice any unusual activity, always report it.

As a customer, if you ever receive an email or telephone call stating that a supplier’s bank details have changed, contact the supplier directly to confirm this with them. We’d recommend using their website to find their contact details as the attacker may have even changed the contact details on their email signature.
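The customer-side check above can be built into an accounts-payable workflow. The following is an added example, not code from the original article: the supplier record, the sample email, the phone numbers and the function names are all constructed assumptions. It holds payment on any emailed bank-detail change, even one sent from the supplier's genuine address, and returns only the on-file contact details for verification.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed supplier record: contact details captured at onboarding, not taken from any email.
VENDOR_ON_FILE = {"domain": "supplier.example", "phones": ["+44 1632 960001"]}

# Constructed message: sent from the supplier's real (compromised) mailbox with an altered signature.
SAMPLE_EMAIL = """\
From: Accounts <accounts@supplier.example>
Subject: Re: Invoice for your recent order

Hello, our bank details have changed. Please send payment to the updated
details attached. Any questions, call me on +44 1632 960999.
"""

BANK_CHANGE = re.compile(
    r"\b(bank|account|payment)\s+details\b.{0,60}\b(changed|updated|new)\b"
    r"|\b(new|updated|changed)\b.{0,60}\b(bank|account|payment)\s+details\b",
    re.I | re.S,
)
PHONE = re.compile(r"\+?\d[\d\s()-]{8,}\d")


def normalise_phone(raw):
    """Compare on the last 10 digits so +44 and leading-0 forms match (simplification)."""
    return re.sub(r"\D", "", raw)[-10:]


def review_email(raw_email, vendor):
    """Decide whether a payment must be held pending out-of-band verification."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    if not BANK_CHANGE.search(body):
        return {"hold_payment": False, "reasons": [], "verify_via": []}
    # A change request is held even when the sender is genuine: the mailbox may be compromised.
    reasons = ["bank-detail change requested by email"]
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain != vendor["domain"]:
        reasons.append("sender domain is not the on-file supplier domain")
    on_file = {normalise_phone(p) for p in vendor["phones"]}
    if {normalise_phone(p) for p in PHONE.findall(body)} - on_file:
        reasons.append("email lists a contact number that is not on file")
    return {"hold_payment": True, "reasons": reasons, "verify_via": list(vendor["phones"])}


if __name__ == "__main__":
    print(review_email(SAMPLE_EMAIL, VENDOR_ON_FILE))
```

The phone number in the email is never offered as a way to verify the request; only the number recorded before the email arrived is.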
