Skip to content

SCAM Emails Essential Advice

Published April 2020

Workers are falling for a new email scam in which fraudsters impersonate a senior member of their company to trick them into transferring money, normally at short notice or with a deadline.

The fraudsters use software which manipulates the characteristics of an email, including the sender address, so that it looks genuine. This means the spoof email appears in the recipient’s inbox in just the same way as a regular email from the same contact.

The email requests that an urgent payment is made outside of normal procedures, often giving a pressing reason for needing the money, such as the need to secure an important contract.

But the account to which the payment is made is in fact controlled by the fraudster. Upon receipt of the funds, the money is then quickly withdrawn and the victim is unlikely to ever see their money again.

Criminals use publicly available information – such as Facebook, Twitter and Companies House – to gain knowledge of target companies, such as the names of senior staff.

Fraudsters will do all they can to make these scam emails look genuine, so it’s important for businesses to be alert. While an urgent request from the boss might naturally prompt a swift response, it should in fact be a warning sign of a potential scam. That’s why it’s vital that finance teams carefully check any unusual demands for payment through an alternative method, such as over the phone or face to face, before making the payment.

Ways to avoid being tricked

Always check any unusual or urgent payment requests directly, ideally in person or by telephone, to confirm the instruction is genuine, do not use the reply to email as a form of confirmation as you will simply be replying to the scammer.

IMPORTANT Do not use contact details from the email.

Establish a documented internal process for requesting and authorising all payments and be suspicious of any request to make a payment outside of the company’s standard process.

Be cautious about any unexpected emails which request urgent bank transfers, even if the message appears to have originated from someone from your own organisation.

Ensure email passwords are robust.

Consider whether the email contains unusual language or is written in different style to other emails from the sender.

For further advice please visit ActionFraud or contact your account manager at Midland Computers

https://www.actionfraud.police.uk/phishing