5 July 2018
How robust are your internal procedures for combating this increasingly common fraud?
A simple fraud that we are hearing more about recently involves a request to change bank account details from someone purporting to be from a supplier.
The fraudsters are researching the suppliers engaged with organisations using public domain information, such as published tender awards or supplier lists. Criminals have been known to pretend to be the company’s auditors!
Minimise the risk
It is therefore vital that control systems ensure that sufficient procedures are in place to minimise any risk. The key control here is to independently verify the change of bank details with the supplier before actioning.
Frauds of this nature involve the criminals obtaining as much information as possible, and sometimes this can involve contacting the supplier by telephone pretending to be from the customer. The fraudster attempts to gain details such as the contact name, supplier code, purchase order details or something else that will make the next step appear genuine.
The fraudster then contacts the targeting organisation, typically with a letter or email, pretending to be from the known supplier. Since the correspondence will contain the correct identifiers such as headers, logos and other information it will appear real. The correspondence will notify of a change of bank details from the existing genuine account to that of the fraudster.
Check, check, and check again
The best way to prevent your organisation falling for such a scam is for all finance staff to remain sceptical and independently check any such bank details change requests. Make contact with the supplier using the original contact details - rather than those provided on the correspondence requesting the change. It would be good practice to request both hard copy and email correspondence of the change if possible. Ideally, obtain confirmation from a known individual contact at the supplier.
Larger organisations sometimes publish information about high-value contracts on their websites. Be mindful that these details are in the public domain. Take particular care for requests for changes related to such contracts and suppliers.
Criminals continually devise new techniques to scam money from all types of organisations. Charities are targeted on the basis that their control systems are not always as strong as they are in commercial organisations of a similar size. Please make sure you do all that you can to avoid becoming a victim of this and other frauds.
For more information please contact your usual UHY adviser or nearest UHY charity specialist.
