The scam is infuriatingly simple and comes in two forms. In one, the hackers infect a company’s IT system, use that access to monitor communications, and then reach out to customers asking them to change the recipient of a payment they were expecting to make.
In the other, they actually hack into your company’s IT system and impersonate a senior member of staff asking for payment of some kind.
More than 5,000 people were conned into sending planned payments to fraudsters last year, police said.
According to figures obtained by BBC Radio 4’s You & Yours, the number of cases of the “mandate” or “invoice” scam is up 71% on the previous year.
Commander Chris Greaney of the City of London Police, which monitors and investigates fraud across the UK, told the programme: “Sadly email is just not safe and you cannot trust it all the time.”
Cases of both kinds jumped between 2014 and 2015 with police recording 5,480 similar cases in 2015, compared with 3,206 in 2014.
Of those affected, 36% said it had a severe or significant impact on them, meaning it affected their health or their ability to make ends meet.
Mr Greaney said: “Junior people in very large organisations need to feel comfortable to ask the question of someone senior whether or not this is a real transaction.”
People should be suspicious of emails that ask for payment, particularly if they are persistent and include new bank account details, he said.
He added: “The best thing for any individual to do is to pick up the phone and speak to the business they are dealing with.