What is bank transfer fraud?
Bank transfer fraud is a sneaky way of using a phishing email to con your business out of huge sums of money.
An email is sent from a higher-up to the department or person who handles your finances, requesting you forward a large payment to a client's account. Obviously this bank account is as illegitimate as the email, and if the money is sent businesses can lose thousands.
Why is this scam so convincing?
This is much more targeted than your run-of-the-mill phishing scam. The initial email won't be sent to the masses, and so is likely to get to your Inbox rather than go straight to Junk.
A domain may have been purchased to create 'internal' emails (using a misspelling of your website name like ''transendit.co.uk''), or they may have ''borrowed'' your CEOs email address and changed the reply-to address to email@example.com.
For example, Transcendit's finance director Tom Tinsley received the following email from managing director Adam Kuznesof, requesting a payment of £8,400 to be sent to an, 'Adamu Lawan'.
The email often says, 'sent from my iPhone' at the bottom to justify it's format and layout, and can sometimes feature an invoice or authorisation document as an attachment. And as the request came from the managing director, they're unlikely to question the request.
How can I avoid this scam?
The key element is the urgency of the transfer, which leads people to act first and think later. Some also say that the transfer should be kept 'secret' (a red flag if there ever was one).
If you are ever suspicious of a request sent over email, check with the sender over the phone or in person. Nothing is so urgent or secret that you can't double check with your CEO that they definitely authorised that payment of thousands.
Consider establishing a policy where large bank transfers have to be requested in person. Also ensure that anyone who handles finances in your business is aware of this scam, and understands how to recognise phishing emails.
Still not sure whether an email is the real deal? Give us a call on 0191 482 0444 and we can tell you whether it's safe or spam