How to protect yourself from invoice payment scams


Business Email Compromise (BEC) is a type of crime that affects companies that make invoice payments via transfers

The modus operandi is as follows: when exchanging invoice information via e-mail, criminals impersonate the supplier responsible for sending the invoices.

They then modify these invoices by changing the IBAN of the account to which the money transfer should be made. Thus, they manage to trick their victims.

How is it possible for the cybercriminal to obtain information about the company, its invoices and the supplier's e-mail address? In order to do this, the criminal would have to had gained access to the victim's e-mail beforehand, possibly by cracking the password.

If you have suffered from such a scam and have made a transfer to a fake account, it is important that you contact your bank as soon as possible.

Transfers are irrevocable payment mandates and banks are not authorised to order a refund without the consent of the account holder who has benefited. However, in accordance with good financial practice and customs, the bank is required to make reasonable efforts to try to recover the transferred amount, contacting the receiving bank.

Ever more sophisticated methods are being used, making it increasingly difficult to recognise a forged e-mail address. You can find some tips to help you uncover a suspicious e-mail in this postAbre en ventana nueva by the Spanish National Institute of Cybersecurity (INCIBE), where you can also find more informationAbre en ventana nueva on this type of fraud.

Did you find this information useful?