top of page

Protect your finances: Be aware of BACS scams

Nowadays, online transactions have become a popular way of handling payments and invoices due to how quick and convenient they are. However, whilst they have convenience going for them, they do come with the increased risk risk of falling victim to scams and fraudulent activities.  


In this blog, we’re going to be taking a look at a real-life example of a BACS scam, including how the scam was avoided. We’ll also be providing you with actionable tips on how you can protect your finances from these types of threats. 

What’s a BACS payment? 

We’re sure you’re familiar with BACS payment, however if not, here’s a quick refresher. A BACS (Bankers' Automated Clearing Services) payment is a way of transferring money electronically between bank accounts within the United Kingdom.  


It’s commonly used for various financial transactions, including payroll payments, supplier payments, and bill settlements. BACS payments are processed by banks and typically take three working days to clear, making them a convenient and cost-effective option for both businesses and individuals alike. 


A real-life example of a BACS scam 

So, you may be thinking it would be pretty tricky to pull off a BACS scam, and whilst it is one of the less common online scams it is possible. The fact it is less common also means businesses and individuals are less on their guard about these kinds of scams.  


To give you an idea of how they can happen, we’re sharing a real-life example that happened to one retail business owner. A customer who seemed legitimate wanted to buy an item and requested an invoice for a BACS payment totalling £380. However, what appeared to be a straightforward transaction quickly took a suspicious turn. 


The customer claimed to have mistakenly transferred £5,300 into the trader's account and began to urgently request a refund of the excess amount, minus the cost of the item. Red flags were raised not only at the huge amount of money that had supposedly been transferred – it’s a pretty big mistake to make! – but also when the name associated with the bank details for the refund did not match the original customer's identity.  


Despite the pressure from the supposed customer to speed up the refund process and even though the funds showed as cleared on their account, the business owner remained calm and decided to get further clarification from their bank before taking any action. 


On contacting the bank, the owner discovered that the initial payment had been made via an AST (Automated Sort Code Transaction) rather than a BACS payment as initially indicated. Plus, the seemingly cleared funds in the trader's account were later revealed to be the result of a fraudulent check that had not been properly cleared.  


This eye-opening experience sheds light on just how sneaky scammers can be, as well as the level of deceptive tactics they’ll use to try and manipulate individuals into unwittingly assisting with their fraudulent activities. 


Protecting your finances: Essential tips 

So, what can we learn from the above to help safeguard yourself and your finances from falling victim to BACS scams and similar fraudulent schemes? Well, as a starting point, you’ll want to consider the following tips: 


Exercise caution: This is an obvious one, but it’s a good idea to approach all unfamiliar transactions with scepticism and trust your instincts if something seems too good to be true or raises suspicions. 


Verify payment details: Another obvious one but if you’re being pressured or feel in a panic, you may overlook this step. It’s important to meticulously verify the accuracy of recipient bank details and be wary of any discrepancies in names or unexpected changes in payment methods. Consider asking for a number of verification steps as standard, such as company house number or letterhead with company account details, followed up by always verifying the payment details with them by calling the number on their website or a previously saved number you have for them. 


Communicate securely: Make sure that you use secure channels such as encrypted email or messaging platforms to exchange sensitive information and avoid sharing personal or financial details over unsecured channels. It’s also important to never reply to, call a number on, or click through on the email you’ve received notifying you of the change in details, as you will likely contact the fraudster or be directed to a website they have created. If you’re contacted by telephone, call your supplier back on the number you have for them (not the one they just called on, unless it’s a match) to confirm it was them. 


Delay refunds: Resist pressure to rush into refunding payments and take the time to thoroughly investigate the legitimacy of transactions and confirm the validity of funds before you action them. 


Stay informed: Stay updated on the latest trends and tactics employed by scammers and educate yourself on common red flags and warning signs to remain vigilant against potential scams. There are plenty of cyber security resources and guidance you can take a look at here



Need some support with your organisation’s cyber security? Contact us today to find out how we can help.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page