Beware of Change of banking details Scams
Novotech has noticed a marked increase in fraudulent payment scams that may impact our clients and vendors. While we remain vigilant in identifying suspicious emails, it’s when the scam involves our clients and vendors we deal with on a regular basis or would otherwise believe to be trustworthy they might be overlooked and required us to implement additional controls to combat them.
How to spot them
- These are also known as “man in the middle attacks”, whereby a legitimate business email account has been compromised. The bad actor then intercepts a conversation between a payer and payee and re-directs the payment to a different banking account.
- In these instances, the change in bank details would be the only indicator that it is a scam.
How to avoid them
- Contact the supplier directly using an alternative contact method to verify any request to change bank details.
- Novotech will always contact our suppliers to verify a request to change bank details.
- Novotech has in place a multi-layer approval process for changing supplier banking details.
- Novotech expects our clients to contact us should they receive a request to change bank details from us.
Novotech measures taken
Should Novotech ever change to a new bank account in future, our company protocol is:
- An email would be sent from a Novotech email address to alert you of this change in writing and on our company letterhead.
- This will be verified with a follow up call from our dedicated account manager to confirm our new bank account information over the phone.
- We will complete any update to vendor information from your company as required.
If you receive an unexpected request to use new payment information or a request to change payment information, please verify the information before making any payment changes. You can verify such contact details by contacting our Finance Team on FinanceHelp@novotech-cro.com
If you suspect you have been targeted by a change of banking details scam, please report it to your local Cyber Security body.
In the USA - FBI, Internet Crime Complaint Center (IC3)
In the UK - The National Cyber Security Centre (NCSC)
In Australia - ACSC (Australian Cyber Security Centre)
In New Zealand - CERT NZ (Computer Emergency Response Team)