email cybercriminal

Invoice Redirection Fraud is where cybercriminals trick the customer into transferring money into the cybercriminal bank account instead of the true seller.

To do this, the cybercriminal need access to either the customer or seller's email account. This is easily done when email password lists bought from the darkweb.

Unfortunately, people often use the same password for their email as they do on other websites. When these websites get hacked, the email and password combination gets sold to cybercriminals... and they then have access your email to carry out this scam.

Cybercriminals can also carry out Invoice Redirection Fraud from sniffing the network and intercepting unencrypted and non-authenticated emails - but that is getting harder to do these day. 

Once the cybercriminal is in your email box, they read the incoming emails and wait for discussion or an actual incoming invoice. The cybercriminal then intercepts the invoice and changes the bank details.

The modified invoice will look exactly like the legitament invoice sent via the seller... only with the Bank Deatils altered. 


Another, less convincing way, for Invoice Redirection Fraud is if the cybercriminal gets information (like staff names and emails) from public social media and websites, and makes up a mock invoice. This invoice will probably not look like the real invoice issued by the real seller. The cybercriminal will then email that to you via a similar email (not the actual seller's email). But really... you would need to be a bit stupid these days to fall for this.


You can stop this happening to you if...

  • Don't use your email password for other websites or services. 

  • Use GMail and the GMail apps for scam and phishing warnings. Also Gmail is secure with authenication and encryption. (Avoid using insecure bigpond, tpg and iinet emails).

  • Store all banking details in your Netbank's address book. If banking details have changed ... call the supplier to confirm the change.. it is likely this scam. (Don't email... you will provbably get a reply from the cybercriminal).