In 2018/2019 UK businesses lost almost £100,000 million to Bank Mandate fraud.
Serious and Organised Crime Groups continue to profit from fraudulent schemes that target organisations as well as individuals. The fraud takes place when someone, claiming to represent an organisation you pay regularly such as a supplier, membership or subscription service, makes a request that a bank transfer mandate is changed.
The fraudster can identify suppliers of services you or your organisation use on a regular basis. These can be obtained from details of contracts awarded, or other information, which is published on a website.
After payment is made the fraud is complete. This criminality is constantly evolving and can be cyber enabled.
The Highland Hospice in Inverness was the victim of a Bank Mandate Fraud and lost over £500,000. The Divert and Deter team of our Specialist Crime Division has worked closely with the hospice’s Finance Manager to produce a video, which highlights the devastating impact this fraud has on a business and its staff.
Detective Constable Lewis Baird said:
“My sincere thanks go to Julie Douglas and the staff from the Highland Hospice for allowing us to share their story.
“We are hoping that this will help us to continue to raise awareness of this type of fraud with members of the public as well as private and third sector organisations and hopefully prevent them being exploited by these Serious Organised Crime Groups.
Examples of Bank Mandate Fraud
1. Your online bank account is hacked into by a fraudster and monthly payment details are altered so that the money is transferred to the fraudsters account.
2. You are contacted by someone pretending to be from an organisation you have a standing order with and request you change the order to reflect a change in their banking. The standing order mandate is changed accordingly but next month the actual organisation fails to deliver your products or a membership has been cancelled as they did not receive their payment.
A local authority had numerous construction contractors for the refurbishment of schools. The local authority received an apparently genuine letter from one of these contractors stating they had changed their banking details. No checks were conducted and the bank details were updated. Within a week two payments totalling over £2 million were transferred to a bogus bank account. The fraud was complete and funded Serious and Organised Crime.
An accountant at a charity received a phone call from a male purporting to be from a high street bank. The fraudster’s number was ‘spoofed’ to resemble the banks phone number and the caller stated there had been attempts by a third party to access their account. The fraudster spent considerable time gaining the confidence of the accountant, even sending them a plausible email that looked like it had come from the bank. The fraudster persuaded the accountant to download ‘team viewer’, which allowed the fraudster remote access to the charity’s bank accounts. The accountant was convinced to provide log in details for a second bank account. The fraudster told the accountant that both accounts would be subject to “ghost transactions” to test their security and the money would not actually leave the accounts. However, this was a lie and a six figure sum was transferred to numerous fraudulent accounts. The fraud was complete and funded Serious and Organised Crime.
- Check it twice or pay the price. Carefully check the senders email address to identify if it exactly matches with your known records.
- Make an 'Open Source' check on the internet of the new bank account sort code and account details to uncover: 1 - Location of the bank and check against the location of the company, and 2 - Whether there are any blogs or information available to suggest the communication is a scam.
- Validate all requests for bank account changes using established contact details. Never use any of the contact details contained within letters/emails received; whilst many email addresses appear genuine often there is a minor change. If you are concerned about the source of a call ask them to provide you with a switchboard number or hang up and call them back using an established contact number.
- Enquire over the veracity of the change of bank account details. If the change appears genuine, request that the supplier repeats the request but with details of the previous AND the new bank account details referenced.
- Don’t leave sensitive files like bills lying around. Visitors could look at and record details of standing orders and direct debits.
- Don’t give out sensitive information over the phone, via email or in person to anyone that you are unsure of. Fraudsters will piece together snippets of information from different sources to allow them to commit fraud. This is known as ‘Elicitation.’
- Don’t feel pressured to disclose information. Bank Mandate Frauds are often accompanied by routine conversation followed by a ‘switch in tempo’ and an urgent request. Nothing is so time critical that it can’t wait until you have verified who you are dealing with.