Skip to content
HSBC UKHSBC UK Hexagon Icon
Back to Fraud & Scams

Authorised push payment (APP) scams happen when criminals persuade you to make a bank transfer. They'll usually pretend to be from a reputable business or organisation and try to pressure you into acting quickly. This is so you don't have time to realise it's a scam.

Here are some of the most prevalent APP scams impacting business customers.

Business Email Compromise (BEC)

Business E-mail Compromise (BEC) is a sophisticated scam targeting businesses that make regular payments, tricking them into making payments to a fraudsters account, instead of the genuine payees account.

Watch: BEC in practice

Main variations of this type of scam involve:

Email spoofing – The fraudster spoofs an email address, usually a supplier’s or a business owners’. It doesn’t require compromising any email accounts but instead, the invoice is sent from an email account that is so close to the domain of the vendor that most people would miss the change, for example, @CompanyABC.com instead of @CompanyACB.com.

A Compromised Email Account - This involves the actual compromise of a supplier’s email account or one of the business’ senior staff’s email account (such as the CEO).

Payment Diversion/Invoice Fraud

Using one of the methods above, the fraudster sends an email to the individual or team responsible for making payments. The email is usually well timed, is written in the correct tone and contains a sense of urgency. Sometimes the request will be to pay a new beneficiary but often, the request is to pay a known supplier, using new account details which the fraudster has provided.

Steps to take to reduce the risk of BEC

  • Educate your staff – make sure everyone is aware of BEC
  • Always verify any change of account details, over the telephone, on known contact details. Don’t use any numbers or contact information listed in the email.
  • Thoroughly review emails, looking out for subtle differences in the email address.
  • Incorporate a robust due diligence culture in your business which may include a two-tier approval for payments

Telephone Scams

In this scam, criminals call pretending to be from the police or your bank, convincing you to make a payment to an account they control. They might also claim to represent a utility company, IT support or government department.

Watch: Troy the magician display some of the fraudsters tricks

The most common scam is where the fraudster informs you there has been fraud on your bank account, and you must move money to a ‘safe account’. Common scams include bogus claims that the victim must settle a fine, pay overdue tax or return a refund. Sometimes the criminal asks for remote access to the victim’s computer as part of the scam, claiming they need to help ‘fix’ a problem.

Protect yourself from telephone scams

  • HSBC will never ask you to move money to a ‘safe account’
  • NEVER give out your PIN, card details, Internet Banking Secure Key Codes, or any One Time Passcodes (OTPs)
  • REMEMBER, genuine phone numbers can be spoofed
  • Don’t be afraid to end a call and call the organisation back on a genuine number, using a different phone where possible

Purchase Scams

Purchase scams happen when you pay for an item or services that never materialise. The company seemingly disappears and your money is lost.

Typically, these scams:

  • offer a too-good-to-be-true deal or discount
  • have 'limited availability', or are a 'special offer' to encourage you to act quickly
  • persuade you to send money before receiving a service
  • are advertised on social media or other online marketplaces, or in some cases through legitimate looking websites that have actually been set up by fraudsters
  • ask you to send money via bank transfer rather than using a card or cheque

When making purchases online

  • Review the webpage and address for misspellings, additional characters
  • Research the company before making a purchase
  • Search the company online with buzzwords ‘scam’ and ‘fraud’ to see if there are negative reports
  • Always use a secure payment method and be wary if asked to make bank transfers upfront
  • Check the returns and cancellations policy
  • REMEMBER, if the offer is too good to be true, it normally is

Investment Scams

Criminals may contact you to offer investment opportunities which may seem too good to turn down. They often use false testimonials, fake celebrity endorsements, spoof websites and fake companies with names similar to genuine organisations. In lots of cases, they will also provide lots of convincing marketing materials to make the scam appear genuine.

Recent scams involve investment opportunities in gold, property, wine and cryptocurrencies.

Stay safe when making investments

  • Use the Financial Conduct Authority (FCA) website to check that the company your investing in is registered.
  • Check the FCA website for their list of companies that have been reported for investment scams.
  • Always talk through an investment opportunity with family and friends – a second opinion can often help spot fake opportunities
  • Research the investment opportunity online, checking for reviews and paying attention to negative news and comments.

Further Resources

Take 5 – Stop, Challenge and Protect

NCSC – National Cyber Security Centre advice and guidance on a range of cyber topics

Guide to protecting your business from payment fraud