PKF Infuse : Jun 23, 2025 11:56:09 AM
Payment diversion fraud is a type of B2B scam where fraudsters trick you into sending money to their bank account. They typically impersonate someone you trust, like a supplier or colleague, and ask you to update payment details.
Impersonation: The scammer pretends to be someone you know, often via email spoofing, phishing, phone calls, or even social media.
Fake invoices or urgent requests: You receive a message like “We’ve changed our bank details, can you update them ASAP?”
The money’s gone: You make the payment, but it lands in the scammer’s account.
Any business that sends payments electronically can be targeted, but small and medium-sized businesses (SMBs) are especially vulnerable.
In the first half of 2024, £570 million was stolen in payment fraud in the UK alone.
All it takes is one compromised supplier and a convincing email. The tone sounds familiar. The invoice looks legitimate. The urgency makes sense.
And just like that, the money’s gone.
Scam attempts often feel ordinary. Ask around and most people or businesses have been targeted at some point.
The danger lies in how normal it all appears. That’s why it’s best to assume this will happen, not because you’re careless, but because these scams are becoming harder to detect.
Use a phone number you already have on file, not one listed in the email. Better yet, speak face-to-face or via video.
Require two people to approve any bank account change.
Confirm all bank detail changes exclusively with the requesting company’s director before making a new payment.
Use LinkedIn or Companies House to check the identity of the person making the request.
Use Companies House to confirm a business is legitimate.
If your bank offers Confirmation of Payee, use it.
If anything feels off, don’t send the money.
A sudden change in tone or urgency.
“Please pay today” when that’s never been the norm.
Bank details that don’t match known records.
It’s not just okay to pause and sense-check. It’s essential.
Enable multi-factor authentication (especially for email).
Use tools that flag suspicious emails.
Store supplier details in a secure, centralised system.
This isn’t about slowing your team down. It’s about making sure you’re not left exposed by a single convincing scam.
Payment diversion fraud is increasingly common, but by following a few simple steps, and ensuring your team does too, you can dramatically reduce the risk.
At PKF Infuse, we believe your best defence is staying informed. If something doesn’t feel right, speak up. You could stop fraud in its tracks.