Fraud prevention – protecting yourself from payment diversion fraud 

Your safety and the security of your money is our highest priority, and we implement stringent safeguarding measures to protect all our customers. However, it’s also important for you to take steps to shield yourself from fraud. 

To help you identify potential scams and stay secure, we are publishing a series of articles focused on fraud protection. This article specifically addresses payment diversion fraud. 

What is payment diversion fraud? 

Payment diversion fraud involves criminals deceiving individuals or businesses into transferring funds to bank accounts under their control. These scams rely on social engineering to appear genuine, often impersonating suppliers, employees, or senior executives. In some cases, the attackers may also compromise email accounts to make their deception more convincing. 

One common type is CEO fraud. In this scenario, the scammer pretends to be a company director or executive and sends urgent instructions for a payment to be processed. 

Another tactic is invoice fraud, where a criminal poses as a supplier and sends a fake invoice with altered bank account details. If the recipient doesn’t verify the change, funds can be sent directly to the fraudster. 

In property transactions, conveyancing fraud occurs when emails between buyers, sellers, and solicitors are intercepted. Fraudsters impersonate one of the parties and redirect large payments into their own accounts. 

In cases of salary diversion, the scammer will contact payroll teams, pretending to be an employee, and request changes to their bank details, sending wages into an account they control. 

All of these scams exploit trust and urgency, often catching victims off guard and leading to serious financial and reputational consequences. 

An example of payment diversion fraud 

Mary, who manages accounts at a small manufacturing firm, received an email from what appeared to be a known supplier. The message included an invoice and advised that the supplier had updated their bank details. 

Because the email featured the supplier’s usual branding and was signed off by Mary’s usual contact, she processed the £15,000 payment without question. A week later, the supplier called to inquire about the payment of the invoice. 

That’s when Mary realised the email had come from a compromised account. A scammer had hacked the supplier’s email and intercepted communications to send a fake invoice. Despite reporting the fraud promptly, the funds had already been transferred across several accounts, making recovery impossible. 

The incident highlighted the convincing nature of payment diversion scams and the importance of double-checking any changes to bank details. 

Five tips on how to protect yourself 

While these scams can be hard to detect, there are clear steps you can take to reduce the risk: 

1. Always verify payment instructions 

If you receive a request involving bank details, especially if it involves changes to your bank account details, confirm it independently. Contact the sender using known phone numbers or emails sourced from official channels, not those included in the request. 

Avoid replying directly to any suspicious messages, as you may be corresponding with the fraudster. 

2. Educate your team on fraud prevention 

Everyone in your business should understand how these scams work, particularly those involved in finance or payroll. 

Provide training sessions that explain red flags, outline real-world case studies, and encourage staff to question any requests that seem unusual – even if they appear to come from someone senior. Keep your team updated on evolving threats. 

3. Use multi-factor authentication (MFA) 

Protect email accounts and financial systems with MFA, which requires a second method of verification beyond just a password. This can be a one-time code sent to a device or generated by an authentication app. 

MFA makes it far more difficult for cybercriminals to take control of accounts, even if passwords are compromised. 

4. Strengthen internal payment processes 

Put clear procedures in place for approving payments and updating banking details. For example, require confirmation from more than one senior team member before processing large transfers or account amendments. 

Ensure that these processes are documented, including secure request forms and established communication methods. 

5. Watch for unusual activity 

Monitor email accounts and financial systems for anything suspicious, such as unexpected logins, automatic forwarding rules, or access from unrecognised devices. Where possible, implement monitoring tools to alert you to these signs in real time. 

If anything unusual is detected, act quickly to shut down affected accounts and investigate the breach. 

If someone targets you 

If you suspect you’re being targeted or have fallen victim to payment diversion fraud, act quickly. 

If you’ve lost money, report it to Action Fraud in the UK by calling 0300 123 2040 or using their online reporting tool. You can also report the incident to the Financial Conduct Authority (FCA). 

Let your bank or payment provider know what’s happened as soon as possible. They might be able to stop the payment or help recover your funds. 

Suspected scam emails can be sent to [email protected], while suspicious text messages or WhatsApp’s can be reported by forwarding them to 7726. You can also report suspicious calls by texting the word ‘call’ along with the suspicious number to 7726. 

Suspicious web pages can be reported to the National Cyber Security Centre (NCSC). 

More information on payment diversion fraud 

Action Fraud’s website provides additional guidance, tools, and advice to help you protect yourself from different types of fraud.  

You can also reach out to Victim Support for confidential, specialist help if you’ve been impacted by fraud. 

Lastly, if you’re sending money overseas with TorFX and have any security concerns, no matter how small, reach out to us. We’re always here to help and provide reassurance for safe, secure transfers. 

Finally, if you’re worried that your TorFX account may be at risk, contact us as soon as possible, and we’ll be happy to help. You can also download our app or use our online platform to keep an eye on your transfers. 

Tags: Security & Fraud
Category Case Studies, Security and Fraud

© TorFX. Unauthorised copying or re-wording of this blog content is prohibited. The copyright of this content is owned by Tor Currency Exchange Ltd. Any unauthorised copying or re-wording will constitute an infringement of copyright.