Be Aware of Authorised Push Payment Fraud in Your Business

Facebook
Twitter
LinkedIn

Authorised push payment (APP) fraud involves fraudsters tricking victims into willingly making large payments, usually by bank transfer and there is often a demand to act quickly as the criminal poses as a genuine payee.

According to industry experts, the scale of fraud in the UK is suggested to be significantly higher than recent figures, which suggests the fraud epidemic is growing. Due to the rise of online payments and COVID-19, fraud has drastically increased in recent years and UK Finance found that £1.2billion was lost to fraud in 2022. Whilst fraud is on the rise, there is a high degree of underreporting the crime.

It is one of the most prevalent types of scams around today, more than £145million was lost in the first half of 2023. Banks and financial providers were only able to return £30.9million of these losses and are now taking steps to protect individuals and businesses alike.

These scams are simple, but effective and scammers can gain information from an organisations website and replicate the email addresses of managing directors, CEO’s and finance directors in order to target employees within the business and attempt to commit APP fraud.

How to protect yourself and your business from APP fraud:

  • If anyone asks you to send a payment to different bank details than you were expecting, question it at the highest level possible and pick up the phone to check any changes directly with the company. Do not trust the contact details listed in any emails, as they are likely to be the details of the hacker and not the company in question.
  • When making large payments (even one you are expecting) you can make a small payment first and check that the payment is sent to the correct person before transferring the rest.
  • Employees who communicate with your suppliers should be informed of what types of information a supplier will and won’t ask for. For example, a supplier will never ask for an employee’s password. Staff should be encouraged to speak with a supervisor if they’ve received a request they’re unsure about.
  • If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week. You can also report online at actionfraud.police.uk.
  • For more advice on how to improve your business’ cyber security in an affordable and practical way, please see the National Cyber Security Centre’s Small Business Guide.
  • For further guidance please contact [email protected]

The NEBRC is a police led non-profit organisation that seeks to educateinform, and support businesses across the UK on how to protect their business online through good cyber security practices.

Sign up to receive the NEBRC’s free core membership today and stay up to date with the latest cyber security updates and gain access to a wealth of handy resources