The single most effective control against invoice and payment-redirection fraud is a firm rule that no change to bank details is ever actioned on an email alone. Always confirm it by phone on a number you already hold, never one taken from the message. Back that with strong email security, multi-factor authentication and staff training, and you close off the routes these scams rely on.
Accountants handle payments, payroll and supplier invoices every day, which makes them a favourite target for business email compromise. Criminals pose as a supplier, a client or a colleague and ask for funds to go to a new account. Here is how to protect your practice and the businesses you act for.
1. Verify every change of bank details
Make it standard procedure: any request to change payment details, from a supplier, a client or internally, is verified by calling a known contact before anything is paid. Write it down, train everyone on it, and make sure no one feels pressured to skip it because a message looks urgent.
2. Secure your email
Most of these attacks arrive by email or follow a hacked mailbox. Advanced filtering, impersonation protection and multi-factor authentication on every account make it far harder for a criminal to get in or to convincingly pose as someone you trust.
3. Train your team to pause
These scams rely on urgency and routine. Short, regular training and simulated phishing teach staff to stop and check when a payment request feels even slightly off, which is often the only thing standing between a busy finance team and a costly transfer.
4. Watch for the warning signs
Account monitoring can flag a compromise in progress, such as new mailbox forwarding rules or logins from unexpected places. Spotting these early can stop a scam before any money moves.
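As an added illustration (not First Stop IT's own tooling), the Python sketch below shows the kind of check such monitoring performs: it flags logins from a country not seen before for that user and new rules that forward mail outside the firm, and raises the severity when the two occur close together. The event field names, the `firm.example` domain and the 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

INTERNAL_DOMAINS = {"firm.example"}  # assumption: the firm's own mail domain

# Constructed audit events in a simplified, vendor-neutral shape (hypothetical
# field names). Map your mail platform's audit log onto these before use.
EVENTS = [
    {"time": "2024-03-04T08:55:00", "user": "amy", "action": "login", "country": "GB"},
    {"time": "2024-03-05T09:02:00", "user": "amy", "action": "login", "country": "GB"},
    {"time": "2024-03-06T02:14:00", "user": "amy", "action": "login", "country": "BR"},
    {"time": "2024-03-06T02:19:00", "user": "amy", "action": "new_rule",
     "forward_to": "archive@mail-backup.example"},
    {"time": "2024-03-06T10:30:00", "user": "raj", "action": "login", "country": "GB"},
    {"time": "2024-03-06T10:41:00", "user": "raj", "action": "new_rule",
     "forward_to": "raj.home@firm.example"},
    {"time": "2024-03-07T11:00:00", "user": "raj", "action": "new_rule",
     "forward_to": "raj@personal-mail.example"},
]

def find_alerts(events, internal_domains, window=timedelta(hours=24)):
    """Return (time, user, severity, reason) for suspicious logins and rules."""
    seen = {}       # user -> set of countries already observed
    odd_login = {}  # user -> time of most recent unexpected-country login
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when, user = datetime.fromisoformat(ev["time"]), ev["user"]
        if ev["action"] == "login":
            known = seen.setdefault(user, set())
            # The first login only builds the baseline; later new countries alert.
            if known and ev["country"] not in known:
                odd_login[user] = when
                alerts.append((ev["time"], user, "medium",
                               "login from new country " + ev["country"]))
            known.add(ev["country"])
        elif ev["action"] == "new_rule" and ev.get("forward_to"):
            target_domain = ev["forward_to"].rsplit("@", 1)[-1].lower()
            if target_domain in internal_domains:
                continue  # forwarding inside the firm is not flagged here
            # External forwarding soon after an odd login suggests a takeover.
            recent = user in odd_login and when - odd_login[user] <= window
            alerts.append((ev["time"], user, "high" if recent else "medium",
                           "rule forwards mail to " + ev["forward_to"]))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(EVENTS, INTERNAL_DOMAINS):
        print(*alert, sep=" | ")
```

On the sample data this raises three alerts: the unexpected login, the external forwarding rule created five minutes later (high severity), and a standalone external forwarding rule (medium severity).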
A real example: security that wins trust
We helped a client become cyber security compliant to meet a customer’s requirements and win a large tender, which grew their business. For an accountancy firm, the controls that prevent fraud are the same ones that reassure clients their money and data are in safe hands.
Why accountancy firms choose First Stop IT
First Stop IT has supported businesses since 2002 and specialises in security for professional service firms. Our credentials include:
- Cyber Essentials Certified
- IASME Cyber Assurance (Gold)
- NCSC Assured Service Provider (Cyber Advisor for Cyber Essentials)
- Microsoft Partner
- Crown Commercial Service Supplier (G-Cloud)
- Quality Principles Certified
We look after more than 2,000 endpoints across 50 companies, we’ve been named a Top 50 UK MSP for three years running, and we support organisations with 10 to 100 employees across Essex, Hertfordshire and London, including Harlow and Bishop’s Stortford.
Book a free IT and cyber security review
Want to protect your firm from payment fraud? Book a free IT and cyber security review with First Stop IT and we’ll check your email security and your payment process.