Businesses are being warned about the dangers of mandate fraud after new figures show that reported losses reached almost £100m in 2018-19.
The data, obtained via a freedom of information request by RSM to Action Fraud, the UK’s national fraud and cyber-crime reporting centre, revealed that businesses submitted 3,577 reports about mandate fraud in 2018-19 with total reported losses rising to £99,283,213, a rise of 28 per cent over the previous year.
The average amount lost by each business was £27,756. This was 24 per cent higher than the year before.
Mandate fraud occurs when an employee is tricked into changing a regular payment mandate such as a direct debit, standing order or bank transfer and redirecting it into a fraudster’s account.
Typically, a fraudster will contact an employee via email purporting to be from a supplier that receives regular payments. Often, these approaches can appear plausible as the fraudsters obtain details of staff members’ names and departments during phishing attacks.
The bogus supplier will explain that as they have changed banks, the standing order will need to be updated with the new account details.
Often the scam will only come to light when the real supplier chases for payment. In some cases, this can be many months after the first transfer of money.
Akhlaq Ahmed, forensic partner at audit, tax and consulting firm RSM, said: ‘Mandate fraud is not a new phenomenon, but it’s very concerning that the average amounts lost to this type of fraud are rising sharply.
‘If staff receive the right training and the correct controls are in place, there’s no reason why these fraud attempts should be successful.
‘While some larger businesses may be able to absorb the losses, for smaller companies already struggling with cashflow issues, a loss in the tens of thousands can prove critical.’
To protect themselves from falling victim to mandate fraud, businesses are advised to do the following:
- implement training programmes for staff, particularly those in the finance function, so they are aware of the risks;
- consider running an ethical hacking exercise to test resilience to phishing attacks;
- verify all requests for amended payments by checking directly with the organisation or supplier in question;
- monitor bank statements regularly and report any suspicions to the bank and the police;
- notify the supplier organisation that has been impersonated; and
- never leave invoices or regular payment mandates on display for others to see.
Complaints to Action Fraud from businesses about mandate fraud
|NFIB5D - Mandate Fraud||Total amount of loss||Number of complaints||Average loss per complaint|