CLEVELAND (WJW) — Scams can happen to any of us at any time. Recently, The Cleveland Public Library discovered it sent nearly $400,000 to a fake vendor last summer, in what’s called a payment redirection scam.

In its yearly Cleveland Public Library audit, the Office of Ohio State Auditor Keith Faber found the June 2024 payment happened because the library didn’t have proper controls to detect such scams.

Auditors say that library officials changed bank payment information after a request from a scammer pretending to be a legitimate vendor.

The way payment redirection scams work is that scammers will gain access to business email accounts (or else, create a similar-looking email address) and send invoices or requests to update payment information. Because the email appears to be from someone you’re expecting to hear from, consumers will pay their bill unaware the scammer has redirected that money to one of their own accounts.

Luckily for the Cleveland Public Library, all money was recovered.

Its insurance company paid out $350,000 and the actual vendor forgave about $46,000. Officials also recovered about $133,000 from the fraudster’s bank account, which was repaid to the insurer. The auditor’s office said the library immediately implemented multiple vendor verification measures to make sure this doesn’t happen again.

A few ways to protect yourself from payment redirection scams, as explained by the Australian Competition and Consumer Commission, are to take your time. If you receive a bill, check that the email address and payment details are correct before paying.

If you’re worried that you may have sent money to a scammer, you should call your bank immediately.