Payment fraud: the scary way cyber criminals are compromising small businesses
Fake invoices and payment redirection scams are among the ways cyber criminals target small businesses. These clever tricks and sophisticated techniques hoodwink unsuspecting business and payments managers into making payments straight into scammers' accounts.
What exactly is payment fraud?
Payment fraud is a type of business email compromise attack in which scammers send fake invoices or edit real ones so that payment is made to them, instead of to you or your suppliers.
Usually, the scammers get access to a business's email account, then use it to send fake invoices or edit legitimate ones. By inserting their own bank details, they trick businesses into paying money directly to them. Some of these fakes are so convincing that they can be difficult to spot before it's too late.
How can you protect your business from payments fraud?
There are some simple steps all accounts payable managers (or anyone making payments in business) can take to guard against this type of scam.
- Secure your email with multi-factor authentication
- Stick to your usual payments handling process
- Confirm invoice details directly with suppliers using a trusted contact number
- Watch for red flags and get a second set of eyes to check with you
Warning signs to watch out for:
- Uncommon email address
- Unusual request
- Unexpected invoice
- Urgent or confidential
- Unsophisticated or contains typos
Case study: Fire damage, then fraud: A newsagent takes a double hit.
Imagine suffering damage to your business in a fire, and then having the insurance payout scammed from you. This is what happened to a small newsagent in NSW recently. Ian Booth, secretary of the Newsagents Association of NSW and ACT (NANA), is working to educate his association’s members on payments fraud, and saw this case unfold:
“Scammers noticed that an insurance claim was under way and managed to hack the newsagent’s email. They intercepted the payment instructions to the insurer, then used it to supply the scammer’s bank account details. The insurers paid the funds to the cyber criminals, instead of to a business which was expecting the money in order to rebuild.”
In this particular case, the funds were able to be recovered and directed to the business. But Ian warns that businesses need to be careful: “NANA is working to support our members to become more cyber safe, in order to avoid data breaches and big losses to their small business. They need to take all the steps – backups, antivirus software, everything.”