Charity Fraud Awareness Week runs from 19th to 23rd October. To mark it, seconded police officer Angela Brand has put together advice on various types of fraud to look out for, and what you need to do.
Today we’re looking at Mandate fraud.
Fraud is one of the biggest threats for UK businesses due to its complex nature, the constantly evolving methodology, and the fact that it is often cyber-enabled. It is also difficult to detect and costly to investigate.
One of the most prevalent forms of fraud is known as mandate fraud, which costs businesses millions of pounds annually.
Mandate fraud occurs when an individual contacts a business under the pretence of being a legitimate organisation and asks them to amend a standing order or direct debit.
They will then provide a new sort code and account number, thereby re-routing all future payments into a fraudulent account which is under their control. Mandate fraud can also occur when an online business account is hacked into by fraudsters, and a bank mandate is amended to divert funds into their own fraudulent bank account.
Serious Organised Crime Groups
Serious Organised Crime Groups will frequently use this method to defraud businesses as it is relatively low risk, yet the likelihood of acquiring a significant sum of money in any single transaction is high. These Groups are actively targeting organisations across the public, private and third sectors, and latest figures suggest that this type of fraud cost UK businesses close to £100 million during 2018/2019. Public sector organisations are particularly vulnerable to mandate fraud given the high volume of financial transactions occurring on a regular basis.
Money recovery issues
Often, a business will not realise that they have been the victim of fraud until the genuine organisation contacts them to discuss arrears on their account, or the business itself contacts a supplier to report a missed delivery or some other disruption to provision of service. Given the time delay between the execution of the fraud and the financial loss being discovered, it is highly unlikely that the money will ever be recovered.
Fraudsters will carry out research to identify business connections for any given organisation so that they appear more credible to potential targets. This information is often freely available online and contained within company websites. They will invest time in appearing genuine – for example, they are prepared to spend time talking at length with their intended target in order to gain their trust.
Whilst it is difficult to completely eradicate the risk of fraud, there are simple steps which all businesses can take to lower their risk of falling victim to a fraudulent scheme. Regular fraud-prevention training, the implementation of set procedures for handling financial requests, and robust cyber security will all contribute to a more resilient business environment.
The following are some helpful DOS and DON’TS to consider when dealing with requests to amend bank mandates.
DO
· Be extremely wary of any person asking you to amend a standing order or direct debit, regardless of who they say they are, or the name of the organisation provided. Whenever possible, re-contact the organisation directly to ascertain if the request was genuine.
· Check any contact information provided in the request carefully and compare it to the details for the organisation which are held on file and that you know to be correct. Fraudsters will send out letters with fake letterheads which appear credible or will call from ‘spoofed’ telephone numbers which resemble legitimate ones.
· Be aware of your key suppliers, partners, and organisations with whom you do business, and keep up-to-date records of key contacts in each organisation.
· Carry out an ‘open source’ check of any new bank details you are given, that is, type the details into an internet search engine. This will give you the geographical location of the bank which you can compare against that of the organisation.
· Implement a two-step authorisation process to ensure a senior member of staff must approve any changes to financial records.
· Keep financial records up to date and audit them regularly, reporting any anomalies immediately. If you suspect that you have been a victim of fraud, contact Police Scotland on 101.
DON’T
· Leave documents with financial information lying out in public view or in an easily accessible location. A clear desk policy will avoid any unintentional disclosure of financial information to potential fraudsters.
· Disclose sensitive financial information over the telephone, via e-mail, or even in person, if you are in any way unsure of the person to whom you are talking, regardless of how plausible they seem, or how persistent they may be.
· Give in to pressure or threats that it is a time-sensitive issue or an urgent matter. A genuine organisation will have no issues with you verifying a request; however, a fraudster will often try to pressurise you into acting immediately.
· Discuss any aspect of your business on social media unless it is through approved corporate channels – criminals routinely check social media sites to gather information on potential targets.
For more guidance on Mandate fraud, download this document from Police Scotland, Action Fraud and The National Anti-Fraud Network.