Fraud prevention
How does an authorised push payment (APP) scam work?
An APP scam occurs when someone is tricked into sending money to a fraudster posing as a genuine payee. It differs from other types of fraud, where criminals get access to accounts and steal money without the account holder’s knowledge (see “Emerging Fraud Threats” section). With APP scams, criminals often try to persuade you to take action in a hurry. They make you panic before you have time to think it through properly.
We’ve also listed some common APP scams to watch out for below.
How can I defend my business against APP scams?
1. Raise awareness among staff by educating employees about the tactics used in APP scams, such as fake payment requests or impersonation of senior staff. Never:
- Act on the urgency of a request without verification.
- Share personal or financial details over email, phone, or text.
- Click on links or download attachments from unknown sources.
2. Always check the sender’s name/email address; clicking on the name will reveal the full email address of the sender.
3. Never assume that an email received from a known email address, or with a previous email trail, is genuine. Always verify payment instructions separately from the email.
4. Set up robust approval processes for payments, requiring multiple levels of verification for large or unusual transactions, such as double validation.
Signs of a potential APP scam:
- Emails or calls making an unexpected request to transfer money to a new or unknown account, emphasising urgency or pressuring you with threats.
- The email addresses, phone numbers, or platforms are unfamiliar or inconsistent.
- The sender/caller is a trusted contact, but their tone or behaviour seems uncharacteristic.
- The call or email directs you to bypass standard or internal systems for verification.
If you think you’ve been scammed
If you believe you’re the victim of one of these scams, please call us straight away on 03457 404 404. We’ll review this based on the information provided by you, the bank that received the scam payment and anyone else relevant, including the police if appropriate. We’ll also need to share your details and what you’ve told us with the receiving bank or police so they can investigate.
What are the typical APP scams?
Some types of APP scams are covered by the new rules, but others aren’t. We’ll still investigate other types of scams, and you may be reimbursed, so it’s important to report them to us.
Business Email Compromise
This is where email addresses are hacked or spoofed (copied) and emails are sent to trick the recipient into sending funds to a fraudulent account. Fraudsters will typically hide in compromised accounts for weeks, studying communication patterns and internal processes before launching their attack. There are two well-known types: CEO Fraud and Payment/Invoice Diversion.
CEO fraud
This is where the fraudster impersonates the chief executive officer (CEO) or another high-ranking colleague of an organisation, before sending emails to the finance department, requesting a payment to be made urgently. Their email address is either spoofed or hacked, and the request is often timed so that the manager they’re impersonating is away, making it difficult to verify the details. They impersonate senior management to play on their authority and pressure staff into making payments urgently.
Payment/Invoice Diversion
Fraudsters are often aware of the relationships between organisations and suppliers, understanding when regular payments are due, making it easier to trick you. They contact individuals, such as finance staff within businesses, posing convincingly as suppliers or employees, to make payment requests. These can sometimes carry on from existing email threads, and align with genuine activities of your business, making these requests even more believable.
Purchase scam
This is when you pay in advance for goods or services that are never received. These scams usually involve the victim using an online platform such as an auction website or social media.
Investment scam
A criminal convinces you to move your money to a fund that doesn't exist or to pay for a fake investment. The criminal will usually promise a high return. These scams include investment in items such as gold, property, carbon credits, cryptocurrencies, land banks and wine.
Romance scam
Fraudsters will use fake profiles on social media or dating websites to target their victims. They try to start a relationship and develop it over a long period of time. Once they've established their victim’s trust, the criminal will then claim to have a problem, such as an issue with a visa, health issues or flight tickets and ask for money to help.
Advance fee scam
In this type of scam, a criminal convinces you to pay a fee that they claim will result in the release of a much larger payment or high value goods. These scams include claims that you've won an overseas lottery, that gold or jewellery is being held at customs or that an inheritance is due. The fraudster tells you a fee must be paid first. When the payment is made, the promised goods or money never materialise. These scams often begin with an email or a letter sent by the criminal to the victim.