Organised crime groups use viruses and other malware to hack into suppliers’ email accounts, then intercept communications between suppliers and the organisations they work with. Common methods of email interception include phishing emails that target specific staff members, spoofing a genuine supplier’s email account, and installing malware on a supplier’s devices.
Fraudsters intercept the emails and can then make changes to their contents, e.g. adding a line requesting that future payments for products or services be paid into an account controlled by the fraudster.
Actions to take
- Raise awareness of bank mandate fraud carried out through email interception.
- Communicate to your suppliers the importance of keeping their operating systems up to date and secure to prevent phishing and hacking of email accounts.
- Consider adding clauses to supplier contracts that limit your losses from these types of incident where the supplier is found to have been negligent in any way.
- Undertake proactive audits of suppliers with whom you share data or services.
- Ensure you have robust change of bank account request forms (for example, that request details of the last transaction made by the supplier) and processes and, where bank accounts of concern are identified, immediately configure your finance systems to reject them.
- Use bank account verification software to reduce payment processing errors.
- Use external data sources to identify accounts known to be linked to fraudulent activity.
- Staff should apply the usual verification process, contacting the supplier only through the details already held on file.
- Check bank statements for any suspicious activity.
- Contact your bank immediately if any illegitimate payments have been made.
In a mandate fraud, fraudsters contact organisations posing as one of their existing suppliers. They request a change to the genuine supplier’s phone number, then at a later date ask for a change to the supplier’s bank mandate. In this way, call-back checks from the bank are made to the fraudster and the supplier remains unaware of the fraud.
Actions to take
- Raise awareness of bank mandate fraud, and in particular ask employees to flag when suppliers request changes to their phone numbers.
- Before responding, check the details of the person making the request and the supplier's details.
- Requests to change a bank mandate should follow your own organisation's procedures.
Phishing and fraudulent links
When you receive an email, hover your cursor over the sender's address and any links in the email. This 'hover test' displays the true email address the message has come from and the actual destination of the hyperlinks. It also pays to check that the email address shown is the organisation's correct email address (e.g. that it is spelt correctly).
Spotting a targeted phishing email
Identifying fraudulent links
Fake emails often display some of the following characteristics:
- Spelling and grammatical errors.
- Sender’s email address doesn’t correspond with the organisation’s website address.
- The email doesn’t use your proper name, but uses a generic greeting like ‘Dear Customer’ or ‘Hi friend’.
- Creates a sense of urgency: 'act immediately or your account will be locked'.
- A prominent web link that looks similar to the genuine one; links are easily forged, so check for character differences.
- A request for personal information such as username, password or bank details.
- You weren’t expecting to get an email from the company that appears to have sent it.
- The entire text of the email is an image rather than the usual text format.
- The image contains an embedded hyperlink that, if clicked, would divert to a bogus website.
- Double-check any attachment: does it have an unfamiliar extension associated with malware, such as .exe, .scr or .bat?
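As an added example (not part of this guidance), the following Python check applies the checklist above to a message: it compares the sender's domain with the expected supplier domain, compares each link's displayed text with its real destination (the hover test), looks for generic greetings and urgency wording, and flags risky attachment extensions. The supplier domain and both sample messages are constructed for the example.

```python
from urllib.parse import urlparse

# The supplier domain and both sample messages are constructed for this example.
EXPECTED_DOMAIN = "example-supplier.co.uk"
RISKY_EXTENSIONS = (".exe", ".scr", ".bat")
GENERIC_GREETINGS = ("dear customer", "hi friend")
URGENCY_PHRASES = ("act immediately", "account will be locked")

def _host(url):
    """Lower-cased hostname of a URL or bare domain ('' if none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def phishing_indicators(msg):
    """Return the checklist indicators that fire for msg (a dict with keys
    sender, body, links as [(shown_text, real_href)] and attachments)."""
    found = []
    sender_dom = msg["sender"].rsplit("@", 1)[-1].lower()
    if sender_dom != EXPECTED_DOMAIN:  # address does not match the known domain
        found.append(f"sender domain {sender_dom!r} is not {EXPECTED_DOMAIN!r}")
    body = msg["body"].lower()
    if any(g in body for g in GENERIC_GREETINGS):
        found.append("generic greeting")
    if any(u in body for u in URGENCY_PHRASES):
        found.append("urgency wording")
    for shown, real in msg["links"]:  # the hover test: displayed vs real target
        if _host(shown) and _host(shown) != _host(real):
            found.append(f"link shown as {shown!r} really goes to {_host(real)!r}")
    for name in msg["attachments"]:
        if name.lower().endswith(RISKY_EXTENSIONS):
            found.append(f"risky attachment {name!r}")
    return found

# Constructed samples; the suspicious one uses a transposed-letter lookalike domain.
SUSPICIOUS = {
    "sender": "accounts@example-suppiler.co.uk",
    "body": "Dear Customer, act immediately or your account will be locked.",
    "links": [("https://example-supplier.co.uk/invoice", "https://login.example-suppiler.co.uk/pay")],
    "attachments": ["invoice.pdf.scr"],
}
GENUINE = {
    "sender": "accounts@example-supplier.co.uk",
    "body": "Hello Alice, please find attached our invoice for March.",
    "links": [("https://example-supplier.co.uk/invoices", "https://example-supplier.co.uk/invoices")],
    "attachments": ["invoice-march.pdf"],
}

if __name__ == "__main__":
    print(phishing_indicators(SUSPICIOUS), phishing_indicators(GENUINE))
```

Keyword matching like this is a training aid for the checklist, not a substitute for mail filtering; in practice the indicators are weighed together rather than treated as individual proof.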
If you would like to know more about how you can protect your organisation from falling victim to phishing and email scams, please contact: