Change of bank details scam

In a change of bank details scam, the attacker poses as an employee of the organisation and sends an email to the accountant asking to change the bank account number used for paying the salary. If the accountant replies, the attacker sends more details and a new account number.

Example of a change of bank details scam email:

An organisation can protect itself against change of bank details scams by taking the following steps:

  1. Establish rules for changing the bank account used for salary payments. For example, require that any change of bank account details be made in a stipulated environment (if you use in-house HR software) or submitted as a request in the same format as the employment agreement (digitally signed).
  2. Teach employees to recognise phishing messages (see the description under the CEO scam).
  3. Restrict information about employees in the public domain (website, LinkedIn) to make it harder for criminals to construct a plausible phishing message.
  4. Make it as difficult as possible for criminals to spoof the email addresses of your organisation (keywords SPF, DKIM, and DMARC).
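
A check for step 4, as an added example that is not part of the original page: it takes the TXT records a domain publishes for SPF (at the domain itself) and DMARC (at `_dmarc.<domain>`) and reports settings that leave its addresses easy to spoof. The record strings and `.example` domains are constructed and the function names are hypothetical; DKIM is left out because its keys are published under a selector name that has to be known in advance.

```python
# Added example. All record strings are constructed samples, not real domains.
SPF_QUALIFIER_RISK = {
    "+": "'+all' lets every sender pass SPF",
    "?": "'?all' gives unlisted senders a neutral result, not a failure",
    "~": "'~all' is only a softfail, so enforcement depends on DMARC",
}

def audit_spf(txt_records):
    """Findings for the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records (receivers treat this as an error)"]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # the policy lives in the redirect target; audit that record
        return ["no 'all' mechanism, so unlisted senders are not failed"]
    first = all_terms[0]  # SPF is evaluated left to right; 'all' always matches
    qualifier = first[0] if first[0] in "+-~?" else "+"  # bare 'all' means '+all'
    risk = SPF_QUALIFIER_RISK.get(qualifier)
    return [risk] if risk else []

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records
             if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record"]
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    findings = []
    if tags.get("p") not in ("quarantine", "reject"):
        findings.append("DMARC policy is not enforcing (p=%s)" % tags.get("p"))
    if tags.get("pct", "100") != "100":
        findings.append("pct=%s applies the policy to only part of failing mail" % tags["pct"])
    return findings

def audit_domain(spf_txt, dmarc_txt):
    return audit_spf(spf_txt) + audit_dmarc(dmarc_txt)

# Constructed sample records: one weak setup, one enforcing setup.
WEAK = (["v=spf1 include:_spf.mail.example ?all"], ["v=DMARC1; p=none"])
STRICT = (["v=spf1 mx -all"], ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"])
```

An empty list from `audit_domain(*STRICT)` means both records enforce; each string returned for `WEAK` names one setting to tighten.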