As a business you are contacted by someone pretending to be one of your suppliers, informing you that they have changed their bank details and requesting that you amend your records to reflect this to ensure that subsequent invoices are paid to the new account. As a result your bank mandate is amended to the account details provided. You are later contacted by your genuine supplier asking what has happened to the payment.
This is also known as Mandate Fraud. The most common form involves the fraudster sending a letter or email to staff within a finance office impersonating a genuine company that they do business with. The letter will state that the company has recently changed bank account details and all subsequent invoices, direct debits, standing orders or bank transfer mandates should be paid to the new account details. Another method involves an email to finance staff purporting to be from a senior manager within their own company requesting that the details for a supplier are amended.
Prevention - advice
- Organisations may wish to ensure that all staff, not just those in finance teams, are aware of this type of fraud and of company procedures to help identify and prevent attacks. In particular, ensure that staff members covering roles during annual leave periods are vigilant and are aware of these threats.
- Ensure staff always double check any changes to financial details, such as the account to which payment is to be made, by contacting the company using the established contact details which are on file or from their official website. Never respond using the contact details provided by the person requesting the changes to financial details. Where possible, make contact via email and telephone in case one has been hijacked by the fraudsters, to check that the request has come from the genuine supplier.
- Always contact suppliers for payment of larger invoices in advance of making payment to ensure that payment is made to the correct bank.
- Where possible establish at least two specific points of contact with suppliers to whom regular payments are made so that all invoice issues can be raised and confirmed with them.
- Once payment of an invoice has been made, immediately contact the supplier with details of the payment made, including the name of the beneficiary bank and the last four digits of the account number to which the payment was made.
- Always take time to review invoices to check for inconsistencies /errors e.g. misspelled company name.
- Consider what information is publically available about the business and whether it is really necessary to publish information that may be helpful to fraudsters.
- Never leave invoices unattended in the office or on a desk.
- Ensure your computer systems are secure and that anti virus software is up to date.