- Criminals pose as a creditor or supplier and tell you their company’s bank details have changed. The communication will ask you to make all future payments to a new fraudulent account.
- The fraudster may have gained access to compromised email accounts belonging to finance team employees.
- They use knowledge gained from compromised email accounts, such as billing frequency or customer interactions, to create identical looking invoices with similar language and logos, and send these to your customer. When the customer pays the invoice, the money goes straight to the fraudster’s bank account.
- There are several ways for attackers to get access to your mailbox, such as a password spray, an attack that attempts to access many accounts with a few commonly used passwords, or the use of malware and phishing, where attackers send an email with a link to a fake website that’s designed to steal credentials.