Fraudsters are using an email spoofing scam to trick workers into transferring funds to their account, a fraud body has warned.

The scam works by sending an email to workers in a company’s finance department which appears to be from a senior colleague such as the finance director, according to Financial Fraud Action UK (FFA UK). The names of senior staff members are often easily available on a company’s website.

The scammers either make use of software which makes it seem like the spoof email really was sent by an internal member of staff, or they hack the genuine email accounts of senior staff.

The email will usually request an urgent payment be made outside of normal procedures, often giving a pressing reason such as the need to secure an important contract, FFA UK said.

“But rather than going to the account to which the payment is made is in fact controlled by the fraudster,” it warned. Upon receipt of the funds, the money is then quickly withdrawn.

FFA UK has offered five tips to help staff avoid falling victim to this scam.

  1. Always check any unusual payment requests directly, ideally in person or by telephone, to confirm the instruction is genuine. Do not use contact details from the email.
  2. Establish a documented internal process for requesting and authorising all payments and be suspicious of any request to make a payment outside of the company’s standard process.
  3. Be cautious about any unexpected emails which request urgent bank transfers, even if the message appears to have originated from someone from your own organisation.
  4. Ensure email passwords are robust.
  5. Consider whether the email contains unusual language or is written in different style to other emails from the sender.

You may also like...

Keep Up To Date - Subscribe To Our Email Newsletter Today

Get the latest industry news direct to your inbox on all your devices.

We may use your information to send you details about goods and services which we feel may be of interest to you. We will process your data in accordance with our Privacy Policy as displayed on our parent website