Pay for a valuable delivery securely

Imagine you run a jewellery shop in your town and regularly buy large quantities of gemstones from a trader abroad. What would you do if your trader sent you an e-mail telling you that the IBAN you use to pay your invoices has changed? If your answer is “change the IBAN stored in my e-banking”, you would be easy prey for fraudsters, as cybercriminals regularly manipulate payment orders with fake e-mail invoices.

Hacked e-mail accounts as the cause

To send messages from a different mailbox unnoticed, fraudsters take over control of an e-mail account belonging to a private individual or company – such as your trader – and thus gain access to their correspondence. The hackers also make use of from their saved contacts. As soon as they have access, the fraudsters can send a modified “original” invoice to a shop owner by e-mail. In order to appear credible, they add a simple note stating, for example, that the bank details have changed. The shop owner pays into the new IBAN on the assumption that the e-mail was sent by the trader. However, in this case the money will be sent to the hackers rather than to the trader.

Confirm changes by phone

The fraud is usually only noticed a few days later when the trader asks why the invoice hasn’t been paid yet. In such cases, the victim – so the jewellery shop owner in this instance – has no way of knowing that they are communicating with cybercriminals . After all, they are using the trader’s real e-mail address. You should therefore always confirm any changes to payment details. E-mail enquiries can also end up in the wrong hands if the e-mail account has been hacked. It is therefore essential to check by telephone if you are asked to make a payment to a new bank account. If the trader confirms the new IBAN over the phone, the amount can be transferred using the new payment details without a second thought.