Cyber security blog part 5 - payment diversion fraud

Payment Diversion Fraud – What is it? and how to protect your business from it


This month we are looking at the more targeted area of Cyber Security of Payment Diversion Fraud. The objective of this type of fraud is to divert genuine payments between organizations into accounts controlled by the attackers.

This kind of fraud is certainly on the increase. Fraudsters use sophisticated spear-phishing techniques such as impersonating a key supplier or an organisation’s bank to trick employees into changing bank details or making payments. So lets look at the nature and impact of the risk, identify the tell-tale signs to look out for and what you need to do to mitigate the risk of a payment diversion fraud harming your organization.

The first question to ask is “Why do we fall for payment diversion fraud?”. Well then first thing to think about is, how many times do you respond to a request without thinking twice? Payment diversion fraud is effective because it feeds on our trust and sense of obligation, whether at work or in our personal life. Often the fraud begins with a phone-call from a fraudster phishing for information, often portrayed as an ‘urgent’ request. Even seemingly harmless responses could aid a more targeted attack, such as the impersonation of a trusted colleague or the mimicking an invoice from a key supplier.

So, what are some Red flags to look out for when deciding whether an email is genuine or not?

You need to be mindful of the following:

Email addresses

Fraudsters often use email addresses that are similar but not the same as the addresses you trust. (We looked at this in Pt3 Gone Phishing)


Are you being asked to do something outside the normal scope of your role? Would you expect this to be asked of you? If the answer is no, then this should raise suspicions, especially if the request comes with a sense of urgency or time pressure.

Money transfers

Are you being asked to transfer money in a way that doesn’t follow the companies or if a personal request your own normal processes? If the requested method of payment is different to the usual procedure, this can be an indication that this is fraudulent.

Requests to restrict communication

Being asked to confine communications to email, or being asked to keep the transaction confidential, may also be a sign that a request isn’t genuine.


This plays a very important role in stopping payment diversion fraud. Criminals are developing increasingly sophisticated techniques, where they can replicate or even have access to a trusted colleague’s email. In these circumstances, the knowledge that we have of one another plays an important part in detecting when something is wrong. If the tone, language or the request itself seem out of character in an email or message from a colleague – and especially so if from a senior figure – always act on it and flag your suspicions to the right person.

What you can do

If you suspect payment diversion fraud is taking place, here is the things that you can do:

Stop and review

Take a moment to consider what’s being asked of you. Is it reasonable and does it come from a genuine source?

Question the requests

If a request doesn’t feel right – because it’s a task not normally expected of you, or because it falls outside of your company’s processes – you should investigate further or report it before taking action.

Check in by other means of communication

If a communication from a colleague is unusual, check with them before acting on it. Confirm the message is genuine with the sender, but never reply directly to a suspicious email or message. Create a new email or call them on the phone or even arrange a video call.

Summing up

Criminals using payment diversion fraud play on our instincts to be trusting and helpful to trick us, whether it’s to get information or to make fraudulent claims for money.
Taking time to question the authenticity of requests is the best defense against fraudsters. Our connections with each other give us insight to detect when even the smallest detail feels wrong. By being alert and ready to ask questions, we can play an important part in beating payment diversion fraud.

Next month we will start to look at the area of Keeping Ourselves Safe whilst Online.

As always if you want to talk more about this month’s subject feel free to contact the CEME IT Team. As usual here are a few links that you might find interesting.

Social Engineering Risks: How to Patch the Humans in Your Organization
Dumpster diving is a filthy business
Wanted: Disgruntled Employees to Deploy Ransomware
WhatsApp issued second-largest GDPR fine of €225m

Stay Vigilant and stay safe.

Chris George, Head of IT, CEME