- Change in work practices prompts a notable increase in fraud on business.
- Businesses urged to treat any requests to change supplier bank account details or transfer funds with extreme caution.
- Businesses should check with a known contact at a known number every time.
Bank of Ireland UK is advising businesses to be on increased alert against fraudsters during the current period of change, as many companies reopen their workplaces and employees adapt to new hybrid work practices. Bank of Ireland has recorded a marked increase in reported cases of ‘invoice redirection’ in the weeks since Government work from home advice was lifted, as fraudsters have used this period of change to capitalise on vulnerability.
Invoice redirection fraud is where fraudsters pretend to be a supplier or service provider in order to trick employees into changing bank account payee details. A common tactic is to tell the business that their bank account details have changed and for all payments to be sent to a new account, controlled by the fraudster.
What to look out for:
- Fraudsters may write to a company’s finance or payments department either on forged headed paper or by email, pretending to be a supplier.
- Typically, they will say that their account details have changed.
- The payee account may be located either in the UK or overseas
- The fraudster may ask an employee to send a pending payment to the new account or to ensure that all future payments are sent to the new account.
Darren Woodburn, Financial Crime Business Partner at Bank of Ireland UK commented: “We know that fraudsters thrive in periods of change or uncertainty for business, where attention may be focused on other priorities. While the winding down of pandemic restrictions and the return to workplaces is positive news, after two years of remote working, this period will bring considerable change to many companies. Companies and their suppliers may be working in different ways, with team changes or the introduction of new processes and procedures.
“Business email fraud at any time has the potential to have a devastating impact on business. Training staff on the warning signs and verbally checking requests with a known contact will help safeguard business against avoidable losses. We are urging businesses not to drop their guard against email scams.”
Bank of Ireland’s advice to business:
- Be sceptical of urgent requests that do not follow typical company procedures and policies.
- Establish a documented internal process for requesting and authorising all payments.
- Consider how your business issues and accepts payment instructions. Email is NOT considered a secure means of communication unless encrypted.
- Always verify that the email is from the real sender before making any payment.
- Under no circumstances should contact details contained in the email or attachments be relied upon to verify the request.
- Notify the Bank immediately if you receive a suspicious email relating to payments or if you think you have been the victim of fraud.
Click here for examples of business fraud and for advice on how to protect your business.
Bank of Ireland UK is committed to building awareness around fraud. Bank of Ireland UK will continue to focus on the issues around fraud, through the Bank’s own channels and by working collaboratively with UK Finance and via the Take 5 initiative.