Businesses warned of new spoof email scam

Businesses are being warned of a new email scam which involves a criminal sending an email to a member of staff in a company’s finance department which appears to be from a senior colleague, such as the finance director or chief executive.

According to Financial Fraud Action UK, fraudsters use software which manipulates the characteristics of an email, including the sender address, so that it looks genuine. This means the spoof email appears in the recipient’s inbox in just the same way as a regular email from the same contact. But the email requests an urgent payment to be made outside normal procedures, often giving a pressing reason such as the need to secure an important contract.

The account to which the payment is made is, in fact, controlled by the fraudster. Upon receipt of the funds, the money is then quickly withdrawn.

Advice on avoiding this scam includes:

• Always check any unusual payment requests directly, ideally in person or by telephone, to confirm the instruction is genuine. Do not use contact details from the email.

• Establish a documented internal process for requesting and authorising all payments and be suspicious of any request to make a payment outside the company’s standard processes.

• Be cautious about any unexpected emails which request urgent bank transfers, even if the message appears to have originated from someone from your own organisation.

• Consider whether the email contains unusual language or is written in different style to other emails from the sender.