ACG-CYBER SECURITY BULLETIN NR 400: Payment Redirection Fraud: How Fraudsters Trick You into Paying the Wrong Account

Posted on July 31, 2025

Reference Number: ACG-CSB 071725400

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

Payment redirection fraud is a sophisticated form of phishing where cybercriminals impersonate trusted individuals or businesses often using compromised email accounts to trick victims into transferring funds to fraudulent bank accounts. These scams can originate through email, phone, text, or social media, often leveraging urgency, fear, and emotional manipulation to bypass suspicion. Modern fraud tactics are highly convincing, using official branding and realistic messages to exploit trust rather than relying on obvious red flags like poor grammar. In some cases, attackers may monitor breached email accounts and wait for the right opportunity to intervene in real payment communications by altering banking details.

Small and Medium-sized Businesses (SMBs) are particularly vulnerable due to limited security resources. Common warning signs include sudden changes in payment details, unexpected payment requests, and urgent transfer instructions. In addition to stealing funds, these scams may also expose sensitive information or install malicious software.

Payment redirection leverages deception, urgency, and social engineering to manipulate employees into diverting legitimate payments to fraudulent accounts. Unlike traditional cyberattacks that target systems, this form of fraud exploits human behavior making it harder to detect and prevent through technical defenses alone.

To defend against these threats, organizations must prioritize employee training and foster a strong culture of cybersecurity awareness. While accounts receivable professionals may not fall victim directly, their customers could, posing a serious risk to both parties. Because these attacks exploit human trust rather than system vulnerabilities, businesses must prioritize employee education, enforce strict verification protocols, and establish clear communication channels.

RECOMMENDATION

The public is encouraged to follow these safety tips to help prevent falling victim to this security issue:

Frequently change and maintain strong passwords and never use Personally Identifiable Information (PII) in the password;
Conduct regular training sessions to help employees recognize phishing attempts, social engineering tactics, and the signs of a compromised communication;
Never be persuaded to download any software or visit a site because someone on the phone has told you to; and
Never give your full PIN or online/telephone banking login details to anyone, even a caller claiming to be from your bank or the police.

For additional information, please refer to the following websites:

https://www.nab.com.au/about-us/security/online-safety-tips/payment-redirection-scams
https://gaviti.com/protecting-your-company-from-payment-redirection-fraud/

POINT OF CONTACT

Please contact PCOL JERRY V EMPIZO, Chief, Cyber Security Unit, thru e-mail address csradacgroup@gmail.com or contact us by telephone number (632) 723-0401 local 7488 for any inquiries related to this CYBER SECURITY BULLETIN.