Understanding APP fraud: How to protect yourself and your business

a month ago   •   7 min read

By Rhian Davies-Kenny

Existing in a digital world is full of perks. You can order almost anything off the internet: whether you’re looking for groceries, clothes, holidays or office supplies, you can take to the world wide web and instantly find whatever it is you’re seeking. But there are drawbacks to our super-connectivity too - namely how easy it is for criminals to get their scams on your screens.

Today, we’re looking at an incredibly common kind of digital scam - APP fraud. Let’s take a closer look. 

What is APP fraud? 

Authorized Push Payment (APP) fraud is when you’re tricked by a scammer into willingly transferring money to them. The scammer might pretend to be your bank, a company you trust or even a friend in need. 

They’re called “authorized” payments because the scammer doesn’t hack into your account to steal money; instead, they trick you into making the transfer yourself.

According to this article from UK Finance, criminals stole more than half a billion pounds in the first half of 2023 alone through APP fraud. 

Cases of APP fraud have surged with the growth of digital payments and online transactions, with criminals capitalizing on our reliance on fast, convenient transfers like bank-to-bank payments. Since these kinds of payments are irreversible once authorized, scammers have refined their techniques to better exploit human error and trust. 

This form of fraud can be highly sophisticated. It’s now quicker than ever to build convincing-looking websites and emails, and to gather data and infiltrate people’s online lives, so creating a convincing impersonation of a legitimate brand is easy.

Red flags to watch out for

Before we get into the details of the most common types of APP fraud and what to do if you’ve been the victim of fraud, here’s a rundown of the APP fraud red flags you should keep your eyes peeled for. 

  • Unexpected payment requests - sudden demands for money, even from established payees.
  • Changes in payee bank details - when a supplier or contact suddenly changes their bank account info.
  • Unfamiliar contacts requesting money - requests coming from people you’ve not dealt with before, even if it’s a company you’re familiar with.
  • Very urgent payment requests - criminals often engineer urgency to push you into making payments without thinking.
  • Poor spelling or grammar in messages - subtle mistakes in emails or invoices may indicate a scam. 
  • Pressure tactics - criminals may claim that failing to act quickly will result in severe consequences.
  • Unconventional communication channels - don’t talk about financial matters through social media or instant messaging apps.
  • Too-good-to-be-true - if an investment or deal seems unrealistically lucrative or unbelievably cheap, it may be a scam.
  • Emotional manipulation - scammers may try to provoke fear by claiming you’re at risk, excitement by announcing you’ve won a prize, or sympathy by telling you they’re in need.

Common types of APP fraud

The shady world of APP fraud is diverse and ever-evolving. As soon as one scam is found and eliminated, another pops up to take its place. Here are some of the most prevalent types we’ve seen in recent years, to give you an idea of the kinds of things to look out for:

Invoice scams

This scam begins when you receive an email from a supplier you regularly work with. The email looks legitimate and the details look reasonable, but the email address has a string of numbers after the name, which isn’t how it usually looks. Or maybe they’re asking you to pay by bank transfer into an account you don’t recognize, instead of your usual method. Something’s off.

That’s because it’s not your supplier at all - it’s a criminal who’s intercepted your communications or hacked into an email account to learn the types of invoices you usually pay. 

💡Avoid invoice scams by always double-checking details of your payees and bills. If you don’t recognize an invoice, challenge it. 

Employer fraud

This is a scam that often happens to employees of large or distributed companies. CEO fraud is where an employee receives an urgent email from management that looks something like this:

The message sounds important, convincing, and urgent. All of which should set alarm bells ringing for a recipient. The more urgent a payment request, the more closely you should check before transferring any money.

Another type of common employer fraud is HR scamming. In this scam, you might receive an email from your HR department requesting your e-signature on a linked document. This linked document is actually a hidden piece of malware, and by clicking on it you give the scammers access to your machine. 

💡Avoid employer fraud by training your whole team on how to spot phishing and setting guidelines on how genuine payment or e-signature requests would be made.

Impersonation scams

These kinds of scams play on people’s trust in authority figures. Somebody claiming to be from your bank, your tax office, or the police may call you to begin the scam. They’ll often try to convince you that you’ve got an outstanding payment on your account, and that criminal charges may be pressed if you don’t pay up immediately.

Again, the urgency in these kinds of calls should make a recipient suspicious - the scammer is trying to worry you enough that you skip your due diligence.

💡Avoid impersonation scams by never making payments over the phone when you haven’t dialed the number yourself. If your bank calls you, say you’ll call them back and find the phone number yourself online. Do the same for a tax office. That way you’ll be sure you’re actually speaking to the real company. 

Purchase scams

We’ve all been tempted by a too-good-to-miss deal that we’ve seen online. Whether it was impossibly cheap flights to a fantastic destination or designer products at discounted prices - there’s a scam out there for all of us. 

Purchase scams are where you’re tricked into buying that great product, but the product itself never even existed. 

💡Avoid purchase scams by thoroughly reading online reviews for any suspicious product. You can verify a company exists using whatever the local version of Companies House is, where you should be looking out for matching information and a full trading address. If in doubt, don’t make the purchase.

Investment scams

Who doesn’t want a high return on their savvy investments? That’s exactly the mentality that investment APP scams target.

Criminals lure their victims into investment scams with promises of lucrative opportunities in trending investment areas like crypto or green energy. Often, they’ll even go so far as to provide their victims with updates showing how well their investment is performing to encourage them to continue investing again and again. 

💡Avoid investment scams by always seeking advice from an independent financial advisor before making decisions or sending money. 

How to avoid becoming a victim of APP fraud

You don’t need a degree in cybersecurity to effectively protect yourself from APP fraud. Here are some practical steps you can take:

  1. Verify payment details - always double-check account information before hitting send on a payment.
  2. Be wary of urgency - if someone is demanding a payment very urgently, they’re trying to get you to transfer money without thinking it through. Take a breath and verify all requests through official channels, calling the company yourself on an officially listed phone number wherever possible.
  3. Secure your communications - stick to trusted, secure communications whenever you’re discussing anything financial with your team. 
  4. Educate your team - knowledge is power when it comes to APP scams. Make sure everyone in your company knows the red flags they should be looking out for. 
  5. Implement dual authorization - two heads are always better than one. Set dual authorization up on your accounts, especially for large transfers, to ensure maximum visibility on your outbound cash. 
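
One way a finance team could encode steps 1 and 5 above, together with the invoice-scam red flags, as a check that runs before any payment is released. This is an added example, not wamo's code; the payee record, the £5,000 threshold and every name in it are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data: the trusted payee record kept on file (values are made up).
KNOWN_PAYEES = {
    "Acme Supplies Ltd": {
        "email": "accounts@acme-supplies.example",
        "sort_code": "12-34-56",
        "account": "12345678",
    },
}
DUAL_AUTH_THRESHOLD = 5_000  # assumed policy value, in GBP


@dataclass
class PaymentRequest:
    payee: str
    sender_email: str
    sort_code: str
    account: str
    amount: float
    approvers: set = field(default_factory=set)  # a set, so one person cannot count twice


def review(req, known=KNOWN_PAYEES, threshold=DUAL_AUTH_THRESHOLD):
    """Return the reasons to hold a payment; an empty list means it can be released."""
    holds = []
    record = known.get(req.payee)
    if record is None:
        # Unfamiliar contact: nothing on file to compare against.
        holds.append("unknown payee: verify through an officially listed number")
    else:
        # Invoice-scam red flag: the sender address is not the one normally used.
        if req.sender_email.strip().lower() != record["email"]:
            holds.append("sender address differs from the one on file")
        # Red flag: the payee's bank details have changed.
        if (req.sort_code, req.account) != (record["sort_code"], record["account"]):
            holds.append("bank details changed: confirm by calling the payee back")
    # Step 5: large transfers need two distinct approvers.
    if req.amount >= threshold and len(req.approvers) < 2:
        holds.append("dual authorization required: two distinct approvers")
    return holds
```

A request that passes with no holds has only matched the record on file, so that record itself should only be changed after confirming the change with the payee through an officially listed number.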

New UK APP fraud legislation

In October 2024, the UK Payment Systems Regulator (PSR) introduced new rules that all banks, building societies and EMIs (like wamo) must comply with. Under these new rules, anyone who falls victim to APP fraud can claim their stolen money back more easily.

You’re covered for up to £85,000 of payments made from one UK bank account to another UK bank account. When you report a fraudulent transaction, you’ll be reimbursed by your bank, building society or EMI within five days, following an investigation. 

What to do if you’ve been the victim of APP fraud

If you suspect that you’ve been the victim of APP fraud, it’s important to act quickly. Contact your bank or payment provider as soon as possible to report the fraud. They might be able to stop the transfer if it hasn’t been completed yet. 

It’s also vital that you report the fraud to your local authorities or a national fraud reporting service. If you’re in the UK, you should also report any suspected fraud to Action Fraud, the UK’s national fraud and cybercrime reporting center, by calling +44300 123 2040. If you’re in Scotland, report the fraud directly to Police Scotland by calling 101. If you’re in Europe, you can contact your local police, the European Consumer Centres Network (ECC-Net), or Europol’s European Cybercrime Center (EC3).

Prevention is better than cure

At wamo, we’re committed to keeping your money safe and providing you with the best possible protection. We’re actively complying with the new PSR regulations, but prevention is always better than cure. Read through this Help Center article for advice on protecting your business from fraud.

Stay safe, stay vigilant and approach unfamiliar payment requests with suspicion.

At wamo, we’re committed to keeping your money safe, and appreciate your continued trust. If you’ve got any questions, or if you’d like to speak with someone about APP fraud, please reach out to our Support Team by email at support@wamo.io, or using the wamo website live chat.
