This warning from Police Scotland:
INVOICE REDIRECTION SCAM
A new style of financial fraud has occurred in Perth & Kinross recently.
By hacking into email accounts, scammers are able to intercept legitimate invoices and change the banking details that payments are to be made to.
In a recent incident, reported in South Perthshire, a small business was requested to pay an outstanding invoice of over £7000 to a local builder. The small business received an email requesting that the builder’s bank account details be amended. The email appeared to have been sent from the builder and so payment was made, as requested, to the new account. About a week later the builder queried why the payment hadn’t been received. It was then discovered that the email to change the bank details was not genuine.
In a similar incident, a Tayside company was requested to pay an invoice. The email provided new banking details for the payment to be made to. In this incident over £155000 was paid out due to the fraudulent email.
So what is happening?
Personal and business emails are being hacked by fraudsters. The fraudsters then scroll through and monitor emails in the account and intercept any relating to invoices.
The fraudsters change the banking details on invoices, or send emails providing changed bank account details for payments to be made to. The recipient then pays the invoice believing it is from the legitimate source, when in fact the money is going directly into the fraudster’s account.
How do I protect my business?
Let your clients known your banking details will never change.
Inform your clients to contact you personally if they receive a request to update your bank account details.
Do not provide bank details on invoices, call clients to provide this information.
If you receive a request to make payment, to a new bank account, by one of your clients, phone them to confirm it is genuine – but don’t use the contact number on the invoice you’ve just received as it’s likely to be false too.