Payment fraud

Whereas many fraud schemes have been around for years, the methods used to deceive victims are constantly evolving. Criminals skillfully adapt their tactics to current circumstances and leverage modern technologies to make their attacks harder to detect.

We would like to highlight specific fraud patterns that can be summarized under the term “Business Email Compromise” (BEC). These are particularly relevant to your business and show you how you can protect yourself.

BEC is a type of email fraud which targets companies or individuals. Criminals use fake or hacked email accounts to access sensitive information to impersonate trusted business partners, executives, or employees. In some cases, they even use deceptively realistic voice messages or videos created with artificial intelligence.

The goal of these attacks is to trick victims into transferring money or revealing confidential information.

BEC is now considered one of the most serious digital risks to businesses of all sizes. In addition to significant financial losses, long-term reputational damage is a major threat. The most common forms of BEC include fake invoices, CEO fraud, and payroll-related attacks.

Unusual or unfamiliar email addresses
Slight deviations in sender names or domains
Unusual urgency or high time pressure in the message
Uncommon language, grammatical or spelling errors
Requests for absolute confidentiality or secrecy
Unknown attachments or suspicious links
Unusual payment instructions or account changes
Sudden switch in communication channels

Regular training on current fraud schemes and IT security for yourself and your employees. We are happy to support you in this.
Protect your IT infrastructure according to the latest standards. An inadequately secured system (e.g., due to pending updates) is more vulnerable to fraud.
Maintain diverse and up-to-date communication channels with customers and suppliers (e.g., phone, email, postal address).
Define a robust payment process including steps such as:
- Avoid single signatory rights by implementing a four-eyes principle, where possible.
- Verify any new directions or changes to existing payment instructions from business partners using a secure channel (e.g., a previously validated phone number).
Be aware that email communication is susceptible to manipulation and does not offer complete security.
Encourage employees to promptly report suspicious observations or incidents to a designated contact within the company.
Promote healthy skepticism among staff when faced with unusual requests.
Evaluate which information about your company and employees you publish. Keep it to a minimum.

Fake invoices

Attackers contact a company, pretending to be an existing business partner, such as a supplier. They request payment of a legitimate outstanding invoice to a new (previously not used) bank account. Prior to this, the criminals gain access to the company’s or actual partner’s IT systems to obtain information that makes the deception especially convincing. The recipient believes the request to be legitimate and makes the payment to the account controlled by the fraudsters.

CEO fraud

Attackers usually contact the finance department directly posing as a member of senior management such as the CEO or CFO. They demand an immediate transfer of funds under the pretense of a confidential and urgent transaction. To appear credible, they forge or manipulate sender addresses or email content. The contacted employee believes they are following a legitimate instruction and processes the payment.

Payroll fraud

Attackers pose as company employees and contact the HR department, often using a seemingly personal (not official business) email address. They request a change in their bank account details, supposedly due to having a new bank account. The employee’s identity is faked convincingly using forged email addresses or compromised accounts. The HR department then updates the bank account details, causing the next salary payment to be sent to the fraudsters’ account.

1
Information gathering
Criminals deliberately collect information about companies, employees, processes, and sometimes private individuals. They use publicly available sources and manipulative techniques such as phishing, hacking, or social engineering to obtain sensitive information. This serves as the basis for the deception that then follows. This stage can take days, weeks, or even months.
2
Deception
Attackers use the gathered information to gain the victim’s trust by impersonating trusted individuals or organizations, using fake emails, messages, or phone calls to manipulate their targets. They often emphasize urgency and confidentiality to increase pressure. Today, deepfakes can also be used to imitate voices or people with alarming realism.
3
Execution of payment
The deceived person initiates a payment to a bank account controlled by the fraudsters. Clever manipulation eliminates doubts, and the payment is made without further checks or verification. The victim genuinely believes they are conducting a legitimate transaction.

Inform your IT department immediately so that necessary measures can be taken.
Contact your bank immediately. This allows them to initiate protective actions and, if needed, contest fraudulent transactions.
Consider filing a criminal complaint with the police, even if no financial loss occurred.

If you have any questions, your client advisor will be happy to assist you.

Payment fraud

Information gathering

Deception

Execution of payment

Have you noticed anything suspicious?

Help

Products

Sections

About us