21 March 2019 - Article
The impact of fraud on a charity can be devastating, not only is fraud likely to result in financial loss but it could also have a negative effect on a charity’s reputation. We have recently seen a number of charities fall victim to bank mandate fraud. You may also have seen the Charity Commission’s newsletter dated 29 July 2013 which illustrates an increase in fraud in the last year.
How does the fraud work?
The cases we have seen recently follow a familiar pattern:
Step 1 – Fraudsters hijack the identity of organisations or individuals to whom charities make regular payments. Often, this is done by hacking into their emails.
Step 2 – Using the stolen identity fraudsters instruct the paying charity to make future payments to a different bank account.
Step 3 – The charity makes the payments to the new (false) bank account.
Step 4 – When the third party eventually contacts the charity to chase the payment, which it has not received, the fraud is unearthed. The charity still owes money to the third party.
Any email or letter seemingly from an organisation or individual to whom you make regular or large payments asking you to send them to a different bank account, even at the same branch.
Even if the email is from an address you recognise, or the letter appears to be on the right letterhead with what looks like the correct signature and the timing of any communication ties in with an upcoming payment, this could be a fraud.
Fraudsters can generate emails or documents which look convincing. They may also have inside help with choosing targets and preparing communications.
What can you do?
We suggest that you urgently review your anti-fraud measures including:
- Always confirm change of bank account requests with the company making the change, using existing contact details not those from the letter or email requesting the change.
- Set up designated individual contacts with companies to whom you make regular payments.
- Instruct staff with responsibility for paying invoices to check for irregularities and raise any suspicions with the company requiring payment, remembering that the contact details on the invoice may not be genuine.
- Following payment of an invoice send a quick email to your contact at the beneficiary company informing them payment has been made and to which bank account (for security reasons do not give full details of this account).
- Review all change of account details already provided to you and acted upon to confirm authenticity.
What should you do if you believe you are the victim of this fraud?