Safeguarding your business against payment diversion fraud

Last updated: 13 January 2021

With cyber attacks against businesses steadily increasing, you should be wary of any requests from suppliers (via email, phone, letter or otherwise) to change their bank details. While these requests may be genuine, they may also be an attempt to divert payment funds to a fraudulent account, sometimes through hacked or spoofed emails.

What you need to know

Increasingly, fraudsters are disguising themselves as legitimate suppliers and asking unsuspecting customers to change the bank account information they have on record.

As a precaution, if you get such a request, always take the extra step of checking directly with your suppliers.

You can do this by:

  • Calling a trusted source in your supplier’s company on a known phone number (not one that’s listed in the document requesting the change of bank details)
  • Emailing your supplier on a known email address; don’t respond to the email address which sent you the bank details change

In some cases, the fraudulent request to change supplier information or make a payment to an unfamiliar account may appear to come from your own organisation’s CEO, president or other administrator, again through a hacked or spoofed email. When reviewing any type of payment instructions from an internal source, make sure the request uses your organisation’s official channels and follows authorised processes and procedures.

Find out more

For more information on this type of fraud, watch our ‘Learn about payment diversion fraud’ video.

If you suspect you have been the victim of fraud, contact your HSBC representative immediately.