
Payment Diversion Fraud: How to Protect Your Business

Every business is at risk of B2B payment diversion fraud. Here at PKF Infuse, we’ve noticed an increase in payment fraud incidents in which businesses unwittingly send significant sums to fraudsters.

What is payment diversion fraud?

Payment diversion fraud is a type of B2B scam where fraudsters trick you into sending money to their bank account. They typically impersonate someone you trust, like a supplier or colleague, and ask you to update payment details.

How it works:

  1. Impersonation: The scammer pretends to be someone you know, often via email spoofing, phishing, phone calls, or even social media.

  2. Fake invoices or urgent requests: You receive a message like “We’ve changed our bank details, can you update them ASAP?”

  3. The money’s gone: You make the payment, but it lands in the scammer’s account.

Who’s at risk?

Any business that sends payments electronically can be targeted, but small and medium-sized businesses (SMBs) are especially vulnerable.

In the first half of 2024, £570 million was stolen in payment fraud in the UK alone.

All it takes is one compromised supplier and a convincing email. The tone sounds familiar. The invoice looks legitimate. The urgency makes sense.

And just like that, the money’s gone.

Why payment diversion fraud is hard to spot

Scam attempts often feel ordinary. Ask around and most people or businesses have been targeted at some point.

The danger lies in how normal it all appears. That’s why it’s best to assume this will happen, not because you’re careless, but because these scams are becoming harder to detect.

How to protect your business from payment diversion fraud

1. Always confirm bank detail changes outside of email

Use a phone number you already have on file, not one listed in the email. Better yet, speak face-to-face or via video.

2. Build in verification steps

  • Require two people to approve any bank account change.

  • Confirm all bank detail changes exclusively with the requesting company’s director before making a new payment.

  • Use LinkedIn or Companies House to check the identity of the person making the request.

3. Check who you’re paying

  • Use Companies House to confirm a business is legitimate.

  • If your bank offers Confirmation of Payee, use it.

  • If anything feels off, don’t send the money.

4. Watch for red flags

  • A sudden change in tone or urgency.

  • “Please pay today” when that’s never been the norm.

  • Bank details that don’t match known records.

It’s not just okay to pause and sense-check. It’s essential.

5. Use your tech

  • Enable multi-factor authentication (especially for email).

  • Use tools that flag suspicious emails.

  • Store supplier details in a secure, centralised system.
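
The verification steps above (confirmation outside of email, two-person approval, and matching bank details against known records), sketched as an added example that is not PKF Infuse's own code. The supplier, phone numbers, account details and function names are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Supplier:
    name: str
    phone_on_file: str               # from existing records, never from the request
    bank: tuple                      # (sort_code, account_no) currently trusted
    pending: Optional[dict] = None   # proposed change awaiting verification

def request_change(s, new_bank):
    """Log a requested change. Nothing is applied at this point."""
    s.pending = {"bank": new_bank, "approvers": set(), "called_back": False}

def record_callback(s, number_dialled):
    """A callback counts only if it went to the number already on file."""
    if s.pending and number_dialled == s.phone_on_file:
        s.pending["called_back"] = True
    return bool(s.pending and s.pending["called_back"])

def approve(s, approver):
    """Approvers are a set, so one person approving twice still counts once."""
    if s.pending:
        s.pending["approvers"].add(approver)

def apply_change(s):
    """Update the record only after the callback and two distinct approvals."""
    p = s.pending
    if not p or not p["called_back"] or len(p["approvers"]) < 2:
        return False
    s.bank, s.pending = p["bank"], None
    return True

def release_payment(s, invoice_bank):
    """Hold any payment whose bank details differ from the trusted record."""
    if invoice_bank != s.bank:
        return "HOLD: bank details do not match supplier record"
    return "RELEASE"

def demo():
    # Constructed sample data: supplier, numbers and accounts are all made up.
    s = Supplier("Example Supplies Ltd", "01632 960001", ("00-00-01", "00000001"))
    new_bank = ("00-00-02", "00000002")
    request_change(s, new_bank)
    results = [release_payment(s, new_bank)]      # held: record is unchanged
    record_callback(s, "01632 960999")            # number quoted in the email
    approve(s, "alice"); approve(s, "alice")      # same person twice
    results.append(apply_change(s))               # False: no valid callback, one approver
    record_callback(s, "01632 960001"); approve(s, "bob")
    results.append(apply_change(s))               # True: verified and dual-approved
    results.append(release_payment(s, new_bank))  # RELEASE
    return results
```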

Stay alert—and speak up

This isn’t about slowing your team down. It’s about making sure you’re not left exposed by a single convincing scam.

Payment diversion fraud is increasingly common, but by following a few simple steps, and ensuring your team does too, you can dramatically reduce the risk.

At PKF Infuse, we believe your best defence is staying informed. If something doesn’t feel right, speak up. You could stop fraud in its tracks.
