• Fraudsters are becoming more sophisticated, fooling even cautious people
• It is best to confirm the request directly through a face-to-face chat or phone call
Suppose one of your suppliers sent you an email regarding a change in their banking details, informing you that from that moment henceforth, all payments should be directed to a new banking account. How would you react?
You would probably look at the email’s origin to see if it's coming from someone you know. You might look at the email address to confirm if it's familiar. When dealing with a large company, you might check the Internet domain of the email address to see if it is correct. If all these things look alright, what could go wrong?
With fraudsters getting more sophisticated, a fake email may look legitimate enough to fool the most cautious of persons. As businesses and individuals increasingly adopt electronic modes of payment, incidents of email payment fraud are also on the rise.
“Modern criminals have ditched the ski mask and getaway vehicle and opted for a computer as their weapon of choice,” Robert Brewer, a US government official.
This was after three Kenyans were arrested for deceiving US companies and government institutions into sending them money that should have been paid to legitimate suppliers. By the time the scam was discovered, the fraudsters had allegedly obtained at least $3.1 million (Sh472 million).
Also known as a 'change of banking details' scam, it starts with fraudsters discovering an ongoing business relationship between a seller and a buyer. The fraudsters may find out the details through hacking or from a corrupt employee.
Modern criminals have ditched the ski mask and getaway vehicle and opted for a computer as their weapon of choiceRobert Brewer
The fraudsters, while pretending to be the seller, send emails to the buyer, claiming that the bank account for receiving payments has changed. This communication requests the targeted victims to update their records to ensure all future payments are directed to the "new" or alternative bank account.
The details are, of course, fraudulent, with the consequence that monies are paid to the fraudster and not the seller or legitimate beneficiary.
ICT firm Microsoft says scammers go to great lengths, researching their targets and figuring out how to fake their victims' identities. Once they have access to emails, they quickly find out who is sending or receiving money. The scammers may create email addresses that look official by registering a similar-looking Internet address elsewhere.
“Anyone can be the target of a business email compromise (BEC) scam," Microsoft says in a brief. Scammers often target CEOs and senior management, finance departments and human resource managers. New or entry-level employees who won't be able to verify an email's legitimacy with the sender are also prime targets.
Obviously, the first thing to do when you get a request for a change in banking details is to get in touch directly with the supplier or seller you intend to pay. However, do not use the contact details contained in the email requesting the change. Those contacts may lead directly to the fraudsters, who will assure you that all is fine. It is best to confirm the request directly through a face-to-face conversation or a phone call.
Be alert to urgent or last-minute requests for change in payment details as those may be signs of fraudulent activity.