What is Authorised Push Payment Fraud?

To commit APP fraud, scammers use social engineering to convince their victim that they are a legitimate entity. This often results in the victim authorising a payment to the scammer, believing that they are paying the legitimate entity.

Possibles scenarios:

1. Beneficiary/Supplier is a fake entity

The scammer may pose as a supplier offering goods or services, creating a website or setting up a bogus company to maintain this facade. They will communicate with their victim, perhaps for an extended period of time, convincing them to make the payment. Once payment is received, the scammer will cut contact and the goods or services are never received.

2. Beneficiary/Supplier email is compromised

Alternatively, the scammer may gain access to confidential business communications by hacking the email account of one, or both, parties involved in a transaction. They will use this information to present themselves as the supplier at the optimal time, sending an email claiming the supplier’s bank account is no longer in use, and requesting money be sent to a new bank account.

To commit APP fraud, a scammer may use email spoofing. This requires setting up a free email account purporting to be the genuine supplier, or even an email domain with one letter different to the genuine supplier’s email. When a payment needs to be made with urgency, the difference in the email address may not be spotted by the victim which results in funds being sent to a fraudulent account.

Authorised Push Payment Fraud Red flags

1. A supplier changes their bank details unexpectedly stating reasons such as ‘the usual company bank account is unable to receive funds due to a tax audit’. This is a red flag suggesting you could be communicating with a fraudster.

2. The bank details provided for payment are located in a different country to the supplier suggesting that the supplier is either fraudulent, or their email account has been compromised. Ensure you trust the supplier or confirm the details on a trusted telephone number.

3. Invoices or payment documentation are poor quality containing blurred images, bad spelling and grammar, alterations in the format or discrepancies. Ensure you trust the supplier or confirm the details on a trusted telephone number with your supplier.

4. A new supplier has limited to no online presence meaning they could be trying to scam you. If they have a website, check when it was created - if it was very recent, it could be a scam. Ensure a supplier has legitimate online reviews before making a transaction.

5. A supplier expresses undue urgency for you to make a payment or their tone changes via email. Communications of this nature should be confirmed via a trusted telephone number.

6. The email address of your existing supplier changes suggesting a fraudster has intercepted mail and is pretending to be your supplier. Check for signs of email spoofing such as a misspelt email address. Confirm that communications are valid via a trusted telephone number with your supplier.

7. A supplier is offering a deal that’s too good to be true. If it sounds too good to be true, it probably is.

Related articles:

How to Protect Yourself from Phishing Attacks

How to Recover a Compromised Email Account

What to Do If You Think You’ve Fallen Victim to Fraud

If you think you have fallen victim to fraud, email fraud@ebury.com and report it to your local law enforcement and/or fraud reporting agency.

Did this answer your question?