What you need to know
Invoice Redirection Fraud
Invoice Redirection Fraud is practiced by cyber criminals who have managed to access the correct payment information and account details of, for example, genuine suppliers or customers of a particular company, then try to change these details in order to divert significant sums of money to their own accounts
If cyber criminals have managed to divert significant sums of money that have been paid to a supplier, for example, to their own accounts, all subsequent payments to the intended supplier will be diverted in the same way. Often this type of criminal act is only identified when the supplier sends a payment reminder. By this time it might already be extremely difficult or even too late to catch the perpetrators and to recover the sums of money in question, which can be very large in some cases.
- Check regularly for any changes of name, address or account details.
- White List: Make a list of genuine payment accounts.
- Check any changes of payment details by using the dual verification principle at least.
- If you receive any requests from the supplier to change account details, verify any such request by contacting the supplier again.
- Let your payment recipient know that you have made the payment – in this way you will be able to identify any incorrect payment details in good time.
- Do not make supplier information, for example, company names, publicly available – cyber criminals often get their information from publicly accessible sources.