Cyber
criminals and hackers are targeting these industries specifically due to the
high values that change hands on a regular basis via electronic transfer. The
scam typically involves illegally accessing the email accounts of both
businesses and customers, intercepting the correspondence, and replacing the
bank details of the payee with different bank details, after which the money is
swiftly transferred elsewhere. The offending invoice or bank details appear to
come from the business itself, so there is nothing to suggest anything untoward
has occurred. Once the money has been transferred to the criminal bank account,
it is rapidly dissipated between dozens of other bank accounts, effectively
‘disappearing’, with the original invoice remaining unpaid.
AXA
ART Insurance recommends that all policyholders be aware of this scam and
advise the following:
Only
send invoices or sensitive information by email if it has been encrypted i.e.
password-protected.
Regularly
change your email account password.
Double-check
the sort code and account number with a verified contact directly by phone
– emails could be intercepted and false confirmation sent as part of the scam.
On
large transfers, send a small instalment first to ensure that the funds have
been received and the recipient’s details are correct, before following up with
the balance.
Consider
using ‘Paym’, which requires additional verification of a recipient’s
name/account name (www.paym.co.uk)
Please
do get in touch with any questions, thoughts or experience.