Fraud can come in all shapes and sizes, but normally, we can distinguish between scammers and fraudsters.
A scammer will typically pose as a supplier offering goods or services, creating a website or setting up a bogus company to maintain this facade. They will communicate with their victim - perhaps even for an extended period of time - convincing them to make a payment ultimately.
Once payment is received, the scammer will stop all contact and the goods/services are never received.
Fraudsters use hacking or social engineering tactics to gain unauthorised access to genuine suppliers' email accounts. They may even monitor email communications between both parties to gather information.
Typically, they lurk in the shadows, observing entire conversations until the right moment to request sensitive bank details. With the information they have collected, they can potentially convince unsuspecting customers to authorise fraudulent payments, a method known as Authorised Push Payment (APP) fraud.
To execute APP fraud, scammers often create spoofed email accounts that impersonate legitimate individuals or organisations. When a payment request is sent, the victim may overlook the subtle differences in the email address, leading to funds being sent to the fraudulent account.
What is Authorised Push Payment Fraud?
To commit APP fraud, scammers use social engineering to convince their victims that they are a legitimate entity. This often results in the victim authorising a payment to the scammer, believing that they are paying the legitimate entity.
Modus operandi for APP fraud follows typically one or more of the below scenarios:
A supplier changes their bank details unexpectedly
Fraudsters will typically state reasons such as "our bank account is going through an audit" or "this is our new account, which is cheaper for us".
Bank details provided are located in a different country
This could suggest that their email account has been compromised. Double-check the email you are communicating with - it should be the same as usual if you already maintain a relationship with them. We would recommend that you confirm new bank details via a trusted telephone number.
Poor quality invoices and payment documents
Documents containing blurry images, bad spelling and grammar, and overall format discrepancies can be one way of picking up on a fraudster.
New supplier has limited or no online presence
This could mean nothing - but it could also mean you're falling for a scam. Recently created websites could lure you into being convinced, but if you are still unsure, try sending them a smaller payment and ask for the goods in exchange.
Pressure
If a supplier is putting you under undue pressure and is expressing a weird form of urgency, or the supplier's tone is not what it normally is, make sure to stop and double-check everything before proceeding. You won't lose a supplier for sending a payment a day late, but you could lose a lot of money for sending it a day early!
Change of email address
Whenever your suppliers change email address, bank details should be double-checked via a trusted telephone number.
Be especially vigilant to tiny changes like a "double n" for an "m" (nn - m), as this is a clear sign of email spoofing.
Good deals
If a deal sounds too good to be true...
What to do if you think you’ve fallen victim to fraud
If you think you have fallen victim to fraud, email fraud@ebury.com and report it to your local law enforcement and/or fraud reporting agency.
For further assistance, feel free to contact Ebury support directly via live chat or at the below email addresses:
EMEA (operationsteam@ebury.com)
Asia Pacific (operationsteam.apac@ebury.com)
America (operationsteam.ca@ebury.com)