Skip to main content

Beware bank transfer fraud

So you’re working from home, and your boss drops you an email asking you to send a payment to a customer or business as soon as possible. What should you do? This month we’re looking at bank transfer fraud - and here’s all the information phishers don’t want you to know.

What is bank transfer fraud?

Bank transfer fraud, otherwise known as money transfer fraud, is when a phisher gets in touch with a single victim directly and encourages them to make a fake payment to a phisher’s account (or, to another victim’s account which then makes a payment to the phisher’s account). There’s a number of ways that phishers might do this; social engineering, for example, or pretending to be a larger organisation, a friend, or even a potential love interest.

One of the most common targets is businesses, particularly SMEs. These companies may be used to sending money to different accounts, and SMEs are less likely to have strict processes in place for employees to follow when transferring funds. Additionally, the monetary gains can be high for phishers - and the losses devastating for victims.

How does the scam work?

We’re going to be focusing on bank transfer fraud via email. This is a common phishing technique, and one which employees working from home are particularly vulnerable to - as you can’t just get up from your desk and double check with your boss easily when you’re working in different locations. 

The email will usually come from a managing director, CEO, or someone high up in the company. Phishers can often get this information easily from your company website. They may use the exact email listed online, or if they’re a little bit lazier, use the correct name but a different email address. 

The email may start with an unrelated question to establish trust and rapport; for example, the phisher pretending to be a manager could ask what time you’re working till today. Then once the phisher has established contact, whilst the victim’s guard is down, they’ll request a payment. 

Phishers will often use real company names in order to convince victims that the payment is legitimate, but remember, the bank account number and sort code doesn’t have to match the name for the payment to go through. 

There’s also likely to be a sense of urgency, or a time limit to the request . This is so that the victim pays quickly, without thinking it through. The phisher may also add a restriction to dissuade the victim from contacting their real manager directly, ie. I’ll be in a meeting for the next couple of hours, please don’t disturb me. The victim may ultimately send the money across, and the scam is complete, with the real manager being none the wiser.

How to avoid bank transfer fraud

Phishing scams work to establish trust between the phisher and the victim, and then exploit that trust as quickly as possible. This kind of bank transfer fraud is incredibly convincing in this sense; the trust that the phisher is depending on is the relationship between an employee and a manager, which is likely to be well established. 

The victim is likely to feel pressure to complete the payment without contacting their manager to check, particularly if they have been told their manager is in a meeting. Finally, the payment is likely to be thousands of pounds - a huge amount for a small business to lose.

For employees, you can avoid falling victim to this kind of scam easily by picking up the phone and checking with your manager, CEO, or whoever you believe sent you this email. Check the email address of the sender, but remember that scammers can fake these easily if they want to. It will always be better to miss a deadline than lose a few thousand pounds to a phisher. Make sure you find their contact details yourself, and don’t use the phone number listed in the email.

For managers, you can avoid this scam by ensuring that you have a policy in place regarding bank transfers; who they have to go through, how they are authorised and how you can be contacted in these instances. Making sure that your employees know and understand these policies is important - it might be the difference between your business identifying an illegitimate email and losing a huge amount of money.

Tweet us @TranscenditUK

Photo from Unsplash


The Transcendit Way

Transcendit understand that when you choose to work with us, whether we're taking care of your IT, app or web development, you're trusting us with part of your business. So whether we're looking after your computers, phone systems or servers we always do things 'the Transcendit way'.

The whole of our team adhere to the same values, beliefs and policies - the principles that were written when Transcendit first formed in 2000. Whether you come to us for cloud services or recovery backup you can be confident that you'll always receive the same excellent service.

The Transcendit way outlines how we do business; following the same straightforward principles with every client and customer, regardless of how big or small they may be.

That means we get to know you and your business. We offer you a friendly, professional and efficient service, and we'll always be honest with you.
We understand that not everybody speaks fluent IT, so we try to explain things in a way that is simple and clear. We always spend as much time as is necessary explaining things to you.
If you need to talk to us about something, no matter how insignificant, we are only ever a phone call away – and we’re never too busy to make you a cup of tea and have a sit down with you in person.
We understand how frustrating it can be when things are late. When we schedule an appointment with you, we are there when you’re expecting us. If something prevents us from getting there, we always call you in advance to let you know.
Sometimes things can go wrong, but we never lie to you or try to cover something up. If things go askew we tell you what’s happened and how we plan to prevent it affecting your business.
We want you to continuously benefit from working with us. We regularly discuss your business and make suggestions for improving systems and processes wherever we can – but we never try to push you into a purchase.
When we quote a fixed price, that's always the amount we charge – you won’t find any nasty surprises on a bill from us. If you are paying by time and materials, we inform you if our approximations could change.
We understand the importance of privacy for your business and your customers. We respect the confidentiality of your data, and we will never pass on your information to third parties.
We appreciate it when you take the time to give us feedback. A system called CustomerSure records our client's responses, so you can trust that our reviews are from real people.
Find out what they're saying here.
Alan is awesome! Jo Carter

Based on 12075 reviews our customers rate us 9.8/10. Reviews and ratings by Customersure. 09-October-2024

Transcendit are proud sponsors of CHUF, the Children's Heart Unit Fund.

Transcendit is a Microsoft Gold certified partner
VMWARE partner
Vipre partner
IPCortex partner
WithSecure partner
DELL partner
Barracuda partner
Veeam partner
N-Able partner