They pretend to be one of your clients/suppliers
How does it work?
A business is approached by somebody pretending to represent a supplier/service provider/creditor. These approaches can be made over the telephone, by letter, fax or email. The fraudster requests that the bank details for a payment (i.e. bank account payee details) of future invoices be changed. The new account suggested is controlled by the fraudster.
What can you do?
As as Business
- Ensure that employees are informed and aware of this type of fraud and how to avoid it;
- Implement a procedure to verify the legitimacy of payment requests;
- Instruct staff responsible for paying invoices to always check them for any irregularities;
- Review information posted on your company website, in particular contracts and suppliers. Strongly advise your staff to limit what they share about the company and work place on their personal social media accounts;
- Always contact the police in case of fraud attempts, even if you did not fall victim to the scam.
as an Employee
- Verify all requests purporting to be from your creditors, especially if they ask you to change their bank details for future invoices;
- Do not use the contact details on the letter/fax/email requesting the change or verification. Use those from previous correspondence instead;
- Set up designated Single Points of Contact with companies to whom you make regular payments;
- For payments over a certain threshold, set up a dedicated system to confirm the correct bank account and recipient (e.g. a meeting with the company);
- When an invoice is paid, send an email to inform the recipient. Include the beneficiary bank name and the last four digits of the account to ensure security;
- Restrict information that you share about your employer on social media;
- Report the fraud attempts to your management or relevant department.