Apr 22, 2016
More than 5,000 people were conned into sending planned payments to fraudsters' bank accounts last year.
Victims were fooled by emails asking them to divert payments into criminals' accounts, leaving the genuine recipient unpaid.
The number of cases of the scam - also known as "mandate" or "invoice" fraud - is up 71% on the previous year.
Losses in the UK totalled £126m, according to police figures compiled for Radio 4
Police said people need to be suspicious of any persistent emails that suggest a change of bank account details
Georgia Morandi, from Carmarthenshire, lost £2,514 to this sort of scam after having a wood burning stove installed. She received messages - apparently from her stove fitter's email account - asking for the money she owed him to be paid into a different bank account.
"The timing of it was perfect because, of course, it was a bill that I inevitably had to pay," she said.
But the messages she had received were not really from her stove fitter. It is thought his email account had been compromised and somebody posed as him online.
"It was a massive shock because I could instantly see that it would be an issue trying to get the money back," said Ms Morandi.
"I went into a bit of a panic wondering how it was going to end. I couldn't afford to pay for the stove twice; the stove fitter couldn't afford to be out of pocket. It was very difficult to know who is responsible for that stolen money."
In the end, Ms Morandi's bank refunded the money she had sent to criminals. But they called it a goodwill gesture and not everyone caught out in this way will get their money back.
The police recorded 5,480 similar cases in 2015, compared with 3,206 in 2014.
Of those affected, 36% of them said it had a severe or significant impact on them, meaning it affected their health or their ability to make ends meet.
The scam tends to happen in two main ways. The first is where a company's IT system is infected with malware allowing criminals to spy on emails and then contact customers. The second is where a criminal pretends to be someone senior in a company and emails a junior member of staff asking them to make a business payment, known as CEO fraud.
"Junior people in very large organisations need to feel comfortable to ask the question of someone senior whether or not this is a real transaction," said Commander Chris Greany from City of London Police, which monitors and investigates fraud across the UK.
"Sadly email is just not safe and you cannot trust it all the time."
Commander Greany thinks more people need to be suspicious of emails that ask for payment particularly if they are persistent and include new bank account details.
"The best thing for any individual to do is to pick up the phone and speak to the business they are dealing with," he suggested