In the past, financial fraudsters had to have access to your bank account in order to steal money from you. They would take your money from your account and then spend it. Nowadays, because of technology, they don’t need to have access to your bank account. They can hack into your email and use this as a back door into your bank account.
So many people will not believe their emails are being monitored and hacked because they have nothing to warn them.
It’s worth being aware that there are criminals who are well networked, watching your email exchanges with their intended victims, in anticipation of a fraudulent payment that is being set up.
So how does this happen?
Cybercriminals are using phishing emails to try and steal log-in information from you, which allows them to access your personal or business email accounts.
They monitor your incoming and outgoing emails for an opportunity to intercept a new invoice.
Scammers are intercepting emails, changing bank details on invoices, and sending them on for payment. This is happening all over the world and the email address usually looks like it’s coming from a credible company with a very similar domain name or they change the domain name ever so slightly that at first glance you don’t notice it.
- Unaware the recipient pays the invoice into the scammer’s account and they disappear with the money.
Unfortunately, it has become extremely risky to send invoices containing banking details via email as emails are intercepted midway, original banking details are deleted and the fake details land up in the recipient’s mailbox.
Ways to protect yourself and your clients
- Inform your clients that your account details will not change. If they receive any correspondence announcing a change they must contact you and confirm and verify the bank details before making payment.
- Do not attach banking details to your emails.
- You can consider leaving your banking details off your invoices and have your clients contact you for the banking details.
- Many people use WhatsApp to send bank details because it is encrypted, however, this is also not entirely secure as fraudsters are able to gain control through unauthorised sim swaps, etc.
- Recipients should be aware of sudden changes just before proposed payments and should immediately inquire with the sender.
It is wise and advised that bank details are verified via phone or in-person before processing payments.