Last updated: 13 January 2021
With cyber attacks against businesses steadily increasing, you should be wary of any requests from suppliers (via email, phone, letter or otherwise) to change their bank details. While these requests may be genuine, they may also be an attempt to divert payment funds to a fraudulent account, sometimes through hacked or spoofed emails.
Increasingly, fraudsters are disguising themselves as legitimate suppliers and asking unsuspecting customers to change the bank account information they have on record.
As a precaution, if you get such a request, always take the extra step of checking directly with your suppliers.
You can do this by:
In some cases, the fraudulent request to change supplier information or make a payment to an unfamiliar account may appear to come from your own organisation’s CEO, president or other administrator, again through a hacked or spoofed email. When reviewing any type of payment instructions from an internal source, make sure the request uses your organisation’s official channels and follows authorised processes and procedures.
For more information on this type of fraud, watch our ‘Learn about payment diversion fraud’ video.
If you suspect you have been the victim of fraud, contact your HSBC representative immediately.