Fraudulent Funds Transfer Scams

Many companies use email to send invoices that need to be paid. Just like any other communication tool that companies use that involves credentials or money, cybercriminals have taken this system to their advantage. This type of scam is called Fraudulent Funds Transfer (FFT). In this scam, the cybercriminal's main goal is for you to pay your invoice to their bank account instead of your company's bank account.

Cybercriminals have to do a couple of steps in order to have a successful FFT scam. They use social engineering to trick an employee into giving them their email account for a company. Once they have access to this account, they use it to send out emails to other coworkers pretending to be an executive from the company. Included in this email is bank account information and it asks the receiver to pay their invoice to that specific bank account. If the person sends the payment, they will not be paying their company like they think, instead their money will be going straight in the hands of cybercriminals.


  • Always reach out to the person directly if you get sent an invoice. Especially do this about an invoice you weren’t expecting.
  • Make sure you think before you click! Cybercriminals want you to act quickly. They are expecting you to impulsively do an action. Carefully read any email, text or post before you click on a link or open an attachment.
  • Never send money to a bank account that has been sent in an email. Always go to the bank's website to submit a secure payment.

Learn more tips like this and train your employees with our Security Awareness Training Program.