What is Payment Diversion Fraud?
One very common attack on businesses is payment diversion fraud.
The attacker impersonates a supplier to inform a customer that their bank details have changed. The customer then sends payment to the attacker, and not the supplier.
Step One
The attacker gains access to an insecure network or email account.
Step Two
The attacker monitors emails between suppliers and customers. This can sometimes continue for weeks or months. They will learn about the relationship and how the supplier communicates with its customers.
Step Three
When the opportunity arises, the attacker intercepts an email chain regarding a customer purchase. They impersonate the supplier, emailing the customer stating that their bank details have changed and they must now send payment to the updated bank details.
As a result, the customer sends payment to the hacker’s bank account. The money is then transferred out of that account immediately and is lost.
If the attacker can’t gain access to an insecure account, they may still attempt payment diversion fraud by spoofing your company email or using other social engineering tactics.
How to avoid this happening to you:
From a supplier’s point of view, make sure your email accounts are secure. All staff should have multi-factor authentication and use passwords that:
- Are not reused on other sites
- Are long and use a mix of characters (letters, numbers, and symbols)
- Are made up of three random words
Additionally, if you sense that something suspicious is happening (for example, your laptop is running slower than usual, or you notice any unusual activity), always report it.
You can also ask your IT team or provider to set up monitoring for new mailbox rules. One trick attackers use is to set up a mailbox rule that automatically forwards the communication between you and their target, so you likely won’t see any of the ongoing correspondence yourself.
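A simple way to picture what that monitoring looks for, as an added example that is not part of the original article: the script below audits a list of mailbox rules and flags any enabled rule that forwards or redirects mail outside your own domain, or that hides matching mail from the mailbox owner. The rule records are a constructed, simplified model of common inbox-rule attributes (name, forward/redirect recipients, delete flag, destination folder); the field names and the domain `example.com` are assumptions, so map them to whatever your mail platform exports.

```python
"""Audit mailbox rules for the auto-forwarding trick described above.

Added example, not from the original article. The rule records below are a
constructed, simplified model of inbox-rule attributes; adapt the field
names to your mail platform's export.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

ORG_DOMAIN = "example.com"  # constructed: your own mail domain
HIDING_FOLDERS = ("deleted items", "rss feeds", "archive", "junk email")


@dataclass
class InboxRule:
    mailbox: str
    name: str
    forward_to: List[str] = field(default_factory=list)
    redirect_to: List[str] = field(default_factory=list)
    delete_message: bool = False
    move_to_folder: str = ""
    enabled: bool = True


def external_targets(rule: InboxRule) -> List[str]:
    """Return forward/redirect recipients whose domain is not ORG_DOMAIN."""
    return [addr for addr in rule.forward_to + rule.redirect_to
            if addr.split("@")[-1].lower() != ORG_DOMAIN]


def audit(rules: List[InboxRule]) -> List[Tuple[str, str, str]]:
    """Flag enabled rules that leak mail externally or hide it from the owner."""
    findings = []
    for rule in rules:
        if not rule.enabled:
            continue  # a disabled rule is not (yet) a risk
        ext = external_targets(rule)
        if ext:
            findings.append((rule.mailbox, rule.name,
                             "forwards externally to " + ", ".join(ext)))
        if rule.delete_message or rule.move_to_folder.lower() in HIDING_FOLDERS:
            findings.append((rule.mailbox, rule.name,
                             "hides matching mail from the mailbox owner"))
    return findings


# Constructed sample: one benign rule and one matching the attack pattern.
SAMPLE_RULES = [
    InboxRule("alice@example.com", "Newsletters", move_to_folder="Reading"),
    InboxRule("alice@example.com", ".", forward_to=["acct-payable@mail-example.net"],
              move_to_folder="RSS Feeds"),
]

if __name__ == "__main__":
    for mailbox, name, why in audit(SAMPLE_RULES):
        print(f"{mailbox}: rule {name!r} {why}")
```

In practice you would feed this the rule export for every mailbox on a schedule and alert on any finding that was not present in the previous run.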
As a customer, if you ever receive an email or telephone call stating that a supplier’s bank details have changed, contact the supplier directly to confirm it with them. We’d recommend finding their contact details on their website, as the attacker may have altered the contact details in the email signature.
What is Phishing?
Phishing is a form of cybercrime that targets victims by email, SMS or telephone. Criminals pose as legitimate organisations to trick you into revealing sensitive data, such as bank details or passwords. This can then lead to identity theft or financial loss.
What is Multi-Factor Authentication (MFA)?
Multi-factor authentication (MFA) is an authentication method that requires two or more verification factors. This means that when you want to log in to an account or a site, you’ll enter your password and then also need to enter a secondary access key.
What is a Password Manager?
A password manager is a site or app that stores all your passwords in one place. You will need to log in to your password manager before using it, but this is the only password you’ll need to remember.