We have recently been made aware of fraudulent activity targeting local businesses, which has involved the interception of business emails.
A sales invoice was securely created in Xero but was then sent to a customer via email. As you are no doubt aware, emails are not always secure and can be subject to hacking.
The email containing the invoice was intercepted by a fraudster who then changed the bank details on the invoice. The customer then made a substantial payment of several thousand pounds to the fraudster’s bank account.
We would like to remind clients to make your customers aware that such fraudulent activity, although relatively rare, can happen.
It is sensible, when making large payments to a new account, to phone to confirm the bank details first and perhaps even do a test payment.
We also suggest advising your clients that if they receive an email, which claims your bank details have changed, they should phone you immediately before making any payment.