Invoice Re-Direction Fraud

Invoice re-direction fraud occurs when a business receives a fraudulent email claiming to be from an existing supplier/creditor or, in some incidents, from staff within the company. The fraudster advises that the bank details for the payment of future invoices should be changed, or requests that a payment should be made into a certain account. These approaches can be made over the telephone, by letter, by fax and by email. The request is not necessarily accompanied by any specific request for payment, but if the request is acted upon, the next legitimate payment will be made directly to the fraudster's account.

Key Advice

  1. Make a phone call to a known contact within the firm that appears to be requesting fundamental changes in banking details.
  2. Always verify any requests claiming to be from your creditors if they ask you to change their bank details for future invoices.
  3. Always confirm change of bank account requests with the company making the change, being mindful not to use the contact details on the letter/email requesting the change.
  4. Look out for different contact numbers and email addresses for the company as these may differ from those recorded on previous correspondence.
  5. Consider reviewing change of account details already acted upon where payment is due at a future date and confirm the authenticity of the request.
  6. Instruct staff with responsibility for paying invoices to be mindful of checking invoices for irregularities and voicing their concerns with the company requiring payment.
  7. Consider setting up a system whereby when an invoice is paid an email is also sent to the recipient informing them that payment has been made and to which bank account. Be mindful of account security and consider including the beneficiary bank name and the last four digits of the account to ensure security.
  8. Fraudsters may have found information regarding contracts and suppliers on an organisation’s own websites. Consideration should be given as to whether it is necessary to publish information of this type in the public domain as it has been demonstrated that it can be used to facilitate fraud.
  9. Consider setting up designated Single Points of Contact with companies to whom you make regular payments.
  10. For payments over a certain threshold, consider organising a meeting with the company who are requesting payment, and satisfy yourself that payment will be sent to the correct bank account and recipient.
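
The checks in points 3, 4 and 7 can be built into an accounts-payable workflow. The sketch below is an added example, not part of the original advice: the record and request structures, field names and sample values are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class SupplierRecord:      # hypothetical: details taken from earlier, verified correspondence
    name: str
    emails: set
    phones: set
    bank_name: str
    account_number: str

@dataclass
class ChangeRequest:       # hypothetical: fields taken from the incoming change request
    supplier: str
    from_email: str
    contact_phone: str
    new_bank_name: str
    new_account_number: str

def norm_phone(number):
    # Compare digits only, so spacing and punctuation do not hide a match.
    return re.sub(r"\D", "", number)

def norm_email(address):
    return address.strip().lower()

def review_change(req, rec):
    """Return (flags, callback_numbers) for a bank-detail change request.

    Callback numbers come from the stored record only, never from the request.
    """
    flags = []
    if norm_email(req.from_email) not in {norm_email(e) for e in rec.emails}:
        flags.append("sender email not in recorded correspondence")
    if norm_phone(req.contact_phone) not in {norm_phone(p) for p in rec.phones}:
        flags.append("contact number differs from recorded numbers")
    # Every change is held until confirmed by phone, even if nothing else differs.
    flags.append("confirm by phone with known contact before acting")
    return flags, sorted(rec.phones)

def payment_notice(rec, amount):
    """Build the paid-invoice notice: bank name plus last four digits only."""
    last4 = rec.account_number[-4:]
    body = f"Payment of {amount} sent to {rec.bank_name}, account ending {last4}."
    # Send to the addresses on record, not to any address supplied in a request.
    return sorted(rec.emails), body
```

A request that raises either of the first two flags should go to whoever handles suspected fraud as well as being held for the phone confirmation.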