28 Jun 2019
Dodgy dealing has come along way over the years, gone are the good old days’ as some may see it, when a little bit of petty larceny was seen as a fair contest between the ‘punter,’ the police and the villain.
I had the following text come through to me this week from Barclays’. It was a very enlightening piece and goes some way to show the extent of the problem that consumers, businesses and banks face and how you and your clients can do a bit more to keep themselves safe. As the BBC may say, other banks will also have some useful links and intelligence to share but do read this at least.
Criminals are turning to sophisticated methods of scamming businesses out of money, convincingly posing as regular suppliers to trick them into changing supplier bank account payee details.
“Despite £93m being lost to invoice fraud last year, over 43% of businesses aren't even aware of it, let alone the threat it poses¹.
The process of changing the bank details for someone you're paying should always be treated with extreme caution.
How it works
A criminal contacts you, posing as a genuine supplier, and asks you to change the bank details you use to pay them. It's not hard for criminals to investigate your invoice details, even down to payment dates, to make their approach look more convincing. The message will often have a sense of urgency, and ask you to act immediately.
The fraudulent letters and emails they send are well-written, so the fraud is difficult to spot if you don't have strong operating processes and controls. Email addresses are easy to spoof. If a PC is infected with malware, criminals can access genuine email addresses and take over existing email conversations. Requests made in writing often come on paper with a company's letterhead to make them look convincing.
Four tips to help you stay safe
1. When you get bank account details by email or letter for making a payment, paying an invoice, or as part of for a notice telling you about a change of bank details, always verbally confirm changes by calling a known contact at the company to confirm the request is genuine, using details you have on file and not the ones in the message.
2. Build a process to check new bank details on invoices. Have a clear procedure for making payments in your business, and make sure all your staff know how these scams occur, particularly those responsible for making payments. If you feel pressured or anxious, take your time and ask for help.
3. Criminals can access or alter emails to make them look genuine – hacking real email addresses is on the increase. Do not use the contact details in an email. Instead, check the supplier's official website or documents you know are real. Keep vital security software up to date to help protect your company's devices from viruses and hackers.
4. Help protect yourself against all fraud by making sure we have up-to-date contact details for you and your business. You can update them in your Barclays app², in Online Banking or through your relationship team”.
I would add a fifth tip, something that I think would sort these problems out once and for all.
Make the receiving bank/s responsible, no doubt there could be a number of them from the time the monies leave the first port of call to final destination, but to complete the fraud somebody must eventually be holding the folding.
More checks should be made by banks and for electronic transfers, a clearing system should be put in place to ensure that a recall can be made rather like the system that banks use to clear cheques.
Just a thought?