Following a spate of email-based phishing attempts to obtain your bank information, a trend of reverting to “old school” methods appears to have arisen:
The hacker will, through whatever means are available, steal your customer data and a copy of your company letterhead.
They will then write to every customer using the words:
“Due to the structural changes in our financial department, please note that our payment details have changed with immediate effect. Please ensure your next payment is made as per the bankers displayed below:”
They will insert their own bank details, and the letter will then be posted through Royal Mail.
The letter itself will:
• Include your company logo
• Contain your correct trading address
• Contain your correct telephone number
• Be signed by you or someone in your finance department
It is difficult to protect your company against this type of fraud. Worse still, if one of your customers pays invoices using these bank details, the money will have gone, and your only course of redress will be to argue it out with the customer as to who should bear the loss, which is not something that any business would want to do.
We would recommend that all businesses introduce a policy of confirming instructions such as this by phone before making the changes.