Invoices that have already been received are sent again with a changed IBAN, or with a remark to use a different account number for future payments.
In this type of scam, attackers gain access to a business email account and use the information they find (such as invoices) to craft targeted messages with fraudulent content. These messages are then sent to the account holder's contacts. For example, one of these contacts might be asked to transfer a previously invoiced amount to a different IBAN. As these scam messages often refer to genuine email conversations, they can be difficult to identify as fake. If you have made a payment based on a fake invoice, you should contact your bank immediately, as it may still be possible to stop the transaction. If you suspect that one of your email accounts has been compromised, for example if fake invoices are being sent in your company's name, arrange for a professional to check your email infrastructure.
You've received a fake invoice:
- If you have made a payment, contact the bank you used immediately. They may be able to stop the payment.
- If you have suffered a financial loss, we recommend that you report it to the police. You can find your nearest police station on the Suisse ePolice website (available in German, French and Italian).
- If you receive a fraudulent email, inform the sender that their account may have been hacked.
Your email account has been hacked:
- Change the affected passwords.
- Have your IT environment analysed. If your company does not have the necessary expertise, contact a specialist company.
- Check your email filters and forwarding rules. Attackers often create a rule that sends them a copy of your incoming emails.
- Proactively warn anyone who might receive these fraudulent messages.
- In this case, the NCSC recommends filing a police report. You can find your nearest police station on the Suisse ePolice website (available in German, French and Italian).
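One way to turn the "check your email filters and forwarding rules" step into a repeatable check, as an added example that is not part of the NCSC page: it audits an exported list of mailbox rules and flags the patterns typical of a compromised account (forwarding outside the organisation, hiding payment-related mail, near-empty rule names). The rule fields, the company domain example.ch and the sample rules are assumptions constructed here, not a real export format.

```python
"""Audit exported mailbox rules for signs of a compromised account.
Rule shape is an assumption constructed for this example, not a real export format:
a dict with "name", "conditions" (strings matched against subject/body), "actions"
(strings) and optionally "forward_to" (addresses)."""

ORG_DOMAINS = {"example.ch"}  # assumption: the company's own mail domains
# actions that keep the owner from seeing a message the attacker wants to handle
HIDE_ACTIONS = {"delete", "mark_read", "move_to_rss_feeds", "move_to_archive"}
PAYMENT_TERMS = ("invoice", "iban", "payment", "rechnung", "facture")

def external_targets(rule):
    """Return forwarding addresses whose domain is not one of ours."""
    return [addr for addr in rule.get("forward_to", [])
            if addr.rsplit("@", 1)[-1].lower() not in ORG_DOMAINS]

def audit_rules(rules):
    """Return (rule name, reason) pairs worth a manual look; empty for a clean export."""
    findings = []
    for rule in rules:
        name = rule["name"]
        ext = external_targets(rule)
        if ext:
            findings.append((name, "forwards mail outside the organisation: " + ", ".join(ext)))
        conds = " ".join(rule.get("conditions", [])).lower()
        hiding = set(rule.get("actions", [])) & HIDE_ACTIONS
        if hiding and any(term in conds for term in PAYMENT_TERMS):
            findings.append((name, "hides payment-related mail: " + ", ".join(sorted(hiding))))
        if len(name.strip()) <= 1:  # a rule named "." or "" is easy to overlook in a long list
            findings.append((name, "near-empty rule name"))
    return findings

# constructed sample export: a benign rule, a typical attacker rule, an internal copy rule
SAMPLE_RULES = [
    {"name": "Newsletters", "conditions": ["from:news@vendor.example"],
     "actions": ["move_to_folder:Newsletters"]},
    {"name": ".", "conditions": ["subject:Invoice", "body:IBAN"],
     "actions": ["forward", "mark_read", "delete"],
     "forward_to": ["collector@mail-drop.example.net"]},
    {"name": "Copy to assistant", "conditions": [], "actions": ["forward"],
     "forward_to": ["assistant@example.ch"]},
]

if __name__ == "__main__":
    for name, reason in audit_rules(SAMPLE_RULES):
        print(f"[!] rule {name!r}: {reason}")
```

A real export (for example from your mail provider's admin console) will use different field names; only the mapping into the dict shape above needs to change, the checks stay the same.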
- In the case of unusual requests, verify the accuracy of the order by calling or speaking to the customer in person - not by replying to the email in which the unusual request was made.
- Raise awareness of these potential attack methods among all employees, especially those in finance and key positions.
- Be careful when handling unusual payment requests.
- All processes relating to payment transactions should be clearly regulated within the company.
- You should always enable two-factor authentication (2FA) for services that offer it. This will increase the security of your data considerably.
- If an IBAN has been misused for fraudulent purposes, the NCSC can report this to the law enforcement authorities.
- Your report via the online form helps the NCSC identify trends. This makes it possible for the NCSC to raise public awareness in a targeted way.
Last modification 23.02.2021