Scams can strike any of us without warning. Recently, the Cleveland Public Library fell victim to such a scam, mistakenly transferring nearly $400,000 to a fraudulent vendor last summer in what is known as a payment redirection scam.

The Office of Ohio State Auditor Keith Faber, during its annual audit of the Cleveland Public Library, uncovered that the payment in June 2024 occurred due to inadequate safeguards against such scams.

Auditors say that library officials changed bank payment information after a request from a scammer pretending to be a legitimate vendor.

Payment redirection scams typically involve scammers gaining access to business email accounts or crafting emails that closely mimic legitimate ones. They then send invoices or requests for updated payment information. Because the email seems to be from a trusted source, recipients unwittingly send payments, not realizing that scammers have diverted funds to their own accounts.

Luckily for the Cleveland Public Library, all money was recovered.

The library’s insurance company compensated $350,000, and the genuine vendor forgave nearly $46,000. Authorities managed to reclaim around $133,000 from the scammer’s bank account, which was then reimbursed to the insurer. The library swiftly introduced multiple vendor verification processes to prevent such incidents in the future.

To guard against payment redirection scams, the Australian Competition and Consumer Commission advises taking precautions such as thoroughly verifying email addresses and payment details before proceeding with transactions.

If you’re worried that you may have sent money to a scammer, you should call your bank immediately.