How does it work?

• A business is approached by somebody pretending to represent a supplier/service provider/creditor.
• A combination of approaches can be used: telephone, letter, email, etc. 
• The fraudster requests that the bank details for a payment (i.e. bank account payee details) of future invoices be changed. The new account suggested is controlled by the fraudster.

What can you do?

As a Business

• Ensure that employees are informed and aware of this type of fraud and how to avoid it.
• Implement a procedure to verify the legitimacy of payment requests.
• Instruct staff responsible for paying invoices to always check them for any irregularities.
• Review information posted on your company website, in particular contracts and suppliers. Ensure your staff limit what they share about the company on their social media.

As an Employee

• Verify all requests purporting to be from your creditors, especially if they ask you to change their bank details for future invoices. 
• Do not use the contact details on the letter/fax/email requesting the change. Use those from previous correspondence instead. 
• For payments over a certain threshold, set up a procedure to confirm the correct bank account and recipient (e.g. a meeting with the company).
• When an invoice is paid, send an email to inform the recipient. Include the beneficiary bank name and the last four digits of the
• Set up designated Single account to ensure security. 
• Points of Contact with companies to whom you make regular payments. 
• Restrict information that you share about your employer on social media.

More information on secure online purchases can be found at the following link: https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/e-commerce-tips-and-advice-to-avoid-becoming-fraud-victim