Why Payment Diversion and Phishing Spike at Year End

Every year, as the tax year closes and financial reporting deadlines loom, fraudsters sharpen their tools.

Organisations are busy. Finance teams are stretched. Cash flow is under pressure. Senior leaders want figures signed off. Suppliers are chasing payment. Payroll year end reconciliations are underway. It is the perfect storm.

According to guidance from the National Cyber Security Centre and warnings issued by HM Revenue & Customs, phishing and business email compromise continue to rise during high-pressure reporting periods. Industry data from UK Finance consistently shows that authorised push payment fraud remains one of the most damaging forms of financial crime in the UK.

Year end creates urgency. Urgency creates mistakes. Fraudsters understand human behaviour better than most organisations do.

What Changes at Year End?

During March and early April, several risk factors align:

Heightened workload

Payroll submissions, P60 preparation, CIS returns, VAT reconciliations, corporation tax planning and year end accounts all converge.

Time pressure

Payment runs are accelerated. Approvals are rushed. Temporary staff may be involved.

Cash movement

Large supplier payments and bonus runs are common. Fraudsters target moments when significant sums are being transferred.

Change requests

Bank detail updates often occur before new financial years. Fraudsters mimic genuine suppliers requesting “updated” details.

Reduced scrutiny

Fatigue lowers vigilance. A convincing email can slip through.

Fraud does not need a technical vulnerability. It needs a behavioural one.

The Most Common Year End Scenarios

Supplier bank detail change

An email appears to come from a regular supplier stating that their bank details have changed. The tone is professional and references real invoices.

HMRC themed messages

Emails claiming refunds, compliance checks or urgent tax adjustments often increase before 5 April.

Senior executive impersonation

A director’s name is used to request an urgent transfer before “close of business”.

Invoice resubmissions

An old genuine invoice is resent with altered payment details.

Each scenario leverages familiarity and urgency.

Why Smaller Businesses Are Especially Exposed

Large organisations may have layered approval systems. Smaller businesses often rely on one or two trusted individuals to manage finance. That efficiency becomes a vulnerability when fraudsters target the person with payment authority directly.

Construction firms managing CIS at year end, hospitality businesses handling high seasonal turnover, and payroll bureaux processing multiple employer year ends are all particularly exposed. Complexity increases opportunity.

What Sensible Controls Look Like

Strong controls are rarely complicated. They are disciplined.

Independent verification

Any request to change bank details must be verified using an established telephone number from your supplier records, not the number in the email.

Segregation of duties

Where possible, separate the roles of setting up suppliers, amending bank details and approving payments.

Dual approval for high value transfers

Particularly during March and April.

Mandatory pause

Introduce a 24 hour hold for first payments to new bank details.

Phishing resistant multi factor authentication

App based or hardware key authentication significantly reduces compromise risk.

Clear reporting channels

Ensure staff know to forward suspicious emails to report@phishing.gov.uk and report HMRC themed scams appropriately.

These controls work because they reduce reliance on assumption.

The Psychology Behind the Spike

Fraudsters exploit cognitive shortcuts. Under time pressure, the brain prioritises speed over scrutiny. Authority bias, urgency bias and familiarity bias all increase during busy reporting periods.

The lesson is uncomfortable but useful. Security is behavioural discipline wrapped around technology.

Year end is not simply an accounting milestone. It is a risk window.

A Practical Year End Reminder

Before processing payments in March and early April:

Pause

Verify

Call back

Document

Five minutes of verification can prevent months of recovery work.

Fraud prevention is not about paranoia. It is about structured scepticism. The scientific method applied to money movement. Test the assumption. Confirm the source. Validate the data.

Year end pressure will always exist. What changes outcomes is how calmly systems operate within it.