Fraud Alert - 5 key tips

Filed under:

This is a reminder that instances of bank fraud are rife at present, and have been for at least a couple of years. The fraudsters are using very plausible and effective methods to dupe businesses.

I keep hearing of people who have been caught out, usually for thousands but often tens of thousands of pounds. Because of the way it is done, there must be people who have been caught out for even larger sums. According to UK Finance almost 43,000 business fell victim to this scam in 2017, losing an average £5,500 each.

Read on for what should you look out for and what can you do about it.

What to look out for

Typically what happens is that an accounts department receives a notification of a change of bank account for a frequent supplier. If actioned, the next payment to that supplier will result in payment to the fraudsters account. The payment is authorised and thought be valid because it is for a known supplier and known purchases. Payments may be quite large. Funds are very difficult to recover once this point is reached. .

Another example might be an urgent request from the managing director to the financial controller/ finance manager for a transfer of funds to Company x, quoting bank details. The email may be very plausible, in good English, employing the kind of phrases typically used by the managing director, and referring to a known event or situation, such as the conference the MD is at. Emails requesting confirmation get believable responses.

This is an example of a “man in the middle” attack, where the fraudster has gained access to email accounts. They may even be able to access both sides of the email correspondence, such that they can intercept both the MD’s and accountant’s emails so neither sees what the other has written, so the usual warning signals don’t get through. They have been reading correspondence and are able to mimic the styles of the participants.

How do you protect yourself against this?

1 – Ensure that the accounts department has a clear process to deal with payments, new suppliers, and new bank accounts, that each person involved knows well;

2 – The process should include an independent check on new bank accounts. For example, an email request should be checked by phone to a responsible senior person in the organisation, ideally someone other than the person making the request;

3 – For obvious reasons, don’t do the ‘independent’ check using the contact details provided in the original request. It could well be the fraudster. Find the contact by a different method so as to bypass the fraudster. The website address and phone number in the email are not independent;

4 – Be alert. These frauds work because they appear to come from people you trust, carrying on normal business. There will still be clues. The fact of a new bank account. A sense of heightened urgency might be another clue. An odd phrase in a sentence. Of course, the kind of manager who makes everything urgent and critical means that clue won’t be there. It just makes the accounts department’s job harder;

5 – Employ two-factor authentication for password setup and change passwords occasionally. Easy passwords are a route in, including to the email server.

Please don’t think “process” is just more unnecessary bureaucracy. Think about how you’ll feel when £50,000 has just been paid out to the wrong people.

A safe approach will keep you wealthy.

About the author

Ivor Middleton

Specialities:

  • Science and technology
  • People businesses
  • Manufacturing
  • Complex business modelling

Ivor Middleton

Ivor is a qualified Chartered Management Accountant with over twenty years experience in industry, most of which has been spent supporting managing directors and their boards. He has worked for blue chip PLCs like RTZ, George Wimpey and Informa, and has been a portfolio FD for over ten years supporting a wide variety of businesses. He has helped to diagnose and solve poor performance; provided the confidence that enabled raising tens of millions of pounds and won large contracts; and made decisions easier by improving the information needed to make them.

Ivor is a member of FD4, which is a network of experienced commercial Finance Directors that are passionate about adding value to Companies. They are engaged Part Time (on an hourly or daily basis) to do the work of a full time Finance Director, but at a fraction of the cost. They specialise in Exit Planning; Cash Generation and Performance Improvement, see more at www.fd4.co.uk

See more posts by Ivor Middleton