It is very real and a common day problem

News & blog » Payment scams – are you aware?

July 13, 2017

Mike Foster

[PREVIOUS] Supporting members of the Armed Forces

[NEXT] Managing staff sickness

Many conversations with the banks at the moment tend to be warning us of the risk of payment scams. It is very real and a common day problem for the banks and of course, us as customers.

Payment fraud is any fraud that involves falsely creating or diverting payments. As consumers, we have become more aware of fraud attempts, so the fraudsters are again and again using new techniques in an attempt to defraud us. Often, the banks are not responsible, as they have acted on the instructions received. It’s just that the instructions were changed or influenced in some way before the bank received them.

For our latest blog, we thought we would highlight three of the most common payment scams, so you can avoid being caught.

Is it really you authorising payments from your account?

As an example, your Bookkeeper, or colleague responsible for making online payments, receives an email asking for an urgent invoice payment to be made and it appears to be from you. What would they do? Just pay it or query with you?

Please be aware. There is a huge rise in spoof email payment instructions, when the fraudster ghosts the name of the business owner, copies the company email footer / style and sends an invoice with the urgent payment request to the bookkeeper. They have often obtained previous email communications via an enquiry or other source, to copy the format of your emails, so that they look very genuine. There have been examples where the fraudster has followed a social media account to identify someone is on holiday or at a conference and mentioned that they would not be contactable for that reason.

Of course, all the content is made up except the bank details quoted on the spoof invoice and the account to which you are asked to make the payment to.

Do you have a process in place to check all payment instructions before they are received at the bank?

New bank details received for a supplier

Following a purchase, you have received an invoice for payment and added this invoice to your bookkeeping software for payment at a later date. In line with good practice, you usually then pay your suppliers when your debtors report advises that the invoice is now due.

In the interim, you or a colleague receive a letter advising that the bank details have changed for future payments to that supplier. What would you do?

Many businesses just trust the instruction and update the bank details for the next payment run without checking.

Again this is spoof. The fraudster has found out your suppliers, perhaps with spyware or just observation of your online or offline activity. They have pinched the logo from the suppliers website, copied the style of their communications and created a letter that looks genuine.

Sometimes, they will even quote an 0800 type number, which if you called would actually be the fraudster pretending to be the supplier.

Of course, this can also be in relation to your more long term suppliers, not just your new, but often new contacts are referenced as it is less likely for you to have a more personal relationship with someone at that business and will trust the telephone numbers or information provided.

Please check and double check. Check with the supplier using the contact details you already have. We recommend making sure that your team and any external support are aware of scams like this.

A virus attack embedding code on your PC

Another scam is a Trojan virus that automatically changes the bank account details of payment instructions, when batch transactions are exported from your accounts software to your bank payment system. During the data integration between the systems, a virus makes changes.

So instead of paying your supplier, you pay the fraudsters bank account, which will be closed before your supplier advises they never received the payment. If it is not possible to check them all, it is good practice to at least undertake a random check of the bank account information you are paying,  BEFORE you hit the authorisation button in your online banking or payment software.

Online data security is critical, however too many business owners and home users just think it won’t happen to them. From our experience, it is not only the potentially lost data or actions taken by the hackers or fraudsters, but also your downtime fixing the problem. So here are some thoughts to reduce the chance of a PC attack happening to you:

  • Don’t use just one password for everything. Use a passphrase instead of a password and change it regularly whilst carefully considering how you store reminders securely
  • Avoid or be careful opening emails you don’t recognise or attachments you are not expected, especially zip files.
  • Install reliable Virus and Firewall software that is kept up to date. Consider installing an anti-spyware / malware tool.
  • Make sure that your operating system is set up to receive automatic updates and Protect your computer by downloading the latest patches or security updates, which should cover vulnerabilities.
  • Ensure your network is secure
  • Securely remove all personal information before disposing of old computers

 

These are just 3 examples of payment scams that you should be seriously considering. As mentioned, if you are seen to have given the payment instruction to the bank, then there is likely to be no recourse.

Contact details

  1. E: info@arrochar-associates.co.uk
  2. Tel: 07968 534034