How To Protect Your Business Against Mandate Fraud During COVID-19
Fraudsters will exploit the current global situation more than ever before, so it's important to protect your business against mandate fraud.
Dated: 23 March 2020 Author: Allan Maund, Head of Compliance and Risk
Whilst we all like to think the best of people during times like these, fraudsters will exploit the current global situation, and they will target you or your business more than ever before. Mandate fraud will be one of the most prevalent schemes.
What is mandate fraud?
Typically, a fraudster contacts an employee, usually in the accounts payable department, pretending to be from one of the company’s suppliers. The fraudster advises that the supplier’s bank details have changed and asks the employee to update the company’s records. There are several ways in which fraudsters can initiate false payment instructions. These include hacking into email communications between professionals and their clients, or sending false email instructions purporting to come from individuals at a supplier or third party.
There will be variations on the above scenario, and they will not be limited to suppliers. They are likely to include email communications from insurers, government agencies, grant and loan schemes, banks and law firms. There will be a myriad of information in the coming weeks, so it is vital that you inform and educate your employees that you will be susceptible to mandate fraud schemes.
It is paramount you put in place procedures and controls to prevent you or your business becoming a victim.
How to protect yourself
- Always emphasize the importance of following company procedures.
- Following contact from a third party requesting a change in their contact details, do not use any contact details in a change request email. Only use a previously agreed telephone number and, where possible, only speak with a named contact in the organisation.
- Do not reply to the email you have received to confirm or authenticate payment details. There continues to be an increase in hacking of email servers and accounts to facilitate this fraud.
- Where you have received a telephone call from a third party, do not take assurance that the caller display number is genuine. Caller display spoofing software can be purchased for a few pounds.
- Do not confirm or provide any contact details at the initial call. Inform them you will call them back on the number you have for them on file. If you do not have a number, you may consider obtaining this number from a secure website.
- Return the call using a different telephone. It is not unknown for some fraudsters to keep a telephone landline open.
- Consider an appropriate fraud prevention measure, e.g. send by post a "request to amend bank account details" form, to be signed by their finance director or company secretary to confirm the change of bank account details. This should only be sent to the registered address for the company.
- Information provided on the amendment form should be checked against your existing records before any change is made.
- A senior member of the finance team should always review any change of bank account details and the completed document before authorising the form.
- A dual control procedure prior to authorising payments should be implemented.
- Ensure dual control is in place whereby the same employees cannot both post and approve transactions on the banking system.