The article has been updated and republished on 26 November 2024.

What would you do to save your business £10,500? In the first half of 2023, that was the average loss of an invoice redirection scam*, so learning to spot and prevent them could do just that.

In this article you’ll discover top tips on spotting invoice redirection and a simple three step defence you can use to help protect your business.

*Source: UK Finance Half Year Fraud Report 2023

Most commonly this scam is where a fraudster sends a fake email to your business claiming to be from one of your suppliers. It will ask you to update the account details you hold for that supplier, to an account the fraudster controls. If you do, then all future invoice payments will go to the fraudster.

It’s crucial to recognise that these emails will look genuine. Fraudsters take the time to use company logos you’re used to seeing and will mimic the supplier’s tone of voice. They may even use artificial intelligence tools to help speed up their process and make their fake emails as convincing as possible.

Finally, it’s also possible for fraudsters to gain access to, or intercept, your legitimate supplier’s emails. Therefore, even a perfectly legitimate looking request could be part of a scam.

It’s important to remember that fraudsters won’t always begin with a request to change account details. They may lead with asking you to change contact information, such as a phone number. They do this because it’s usually viewed as less suspicious. However, when you later receive another request from them asking for account detail changes and give them a call to check, you’ll actually be calling the fraudster.

Actions you should take today

If you get any requests to change account details or contact information:

• Always treat it as suspicious, even if the email looks convincing or seems urgent.
• Always contact the suppliers independently, using a trusted telephone number, never the one contained in the request.
• Never make any changes until you’ve confirmed it’s genuine.

A simple and cost-effective online security framework recommended by the National Cyber Security Centre is people, processes, technology. Using this framework can improve your resilience against invoice redirection scams, and most other security threats your business faces.

People – Fraudsters see them as a target, but they can also be your strongest line of defence. If everyone in your business knows what to look out for, they’ll be actively stopping most scams at their root.

Processes – We’re all human. So, when mistakes happen, having established payment and admin processes that everyone follows is a crucial second layer of defence. For example, making sure two people look over requests for changes to account details or contact information before acting.

Technology – This doesn’t have to be complicated. For example, we recommend enabling the dual approval feature in Bankline for templates and bulk lists so any admin changes must be approved by two people.

We hope you found this useful. Please share this information with colleagues. The more people who know what to look out for, the better. Together we’ll beat the fraudsters.

You should visit our security centre or join a free webinar to find out more about other common threats affecting businesses like yours.