Ken MacNeill

Reports this week of a fraud by an “organised and sophisticated crime group” against Luton Borough Council should be a warning for us all. This fraudulent technique started when electronic payment of invoices began. The essence of the fraud is to persuade an organisation to change the bank account standing data held on its creditors/accounts payable system. The organisation is contacted and told that a creditor has changed their bank account. The next payment is then diverted to the fraudster’s bank account rather than to the creditor who should have received it.

Previously, this fraud was often done by a phone call followed by written confirmation of the changes – in one very notable £2.4 million case, by fax. If this sounds simple and easy to spot, it should be, but several major organisations in the public sector were caught out by it around a decade ago.

And here we go again. The modern twist is that the new approach is based on hacking into or impersonating somebody’s email account. So, you get an email from a known contact in a supplier asking you to change their bank account details. But it is not actually them and the rest is easy to imagine.

Stopping these frauds is not difficult. There are Confirmation of Payee services through banks that will help stop fraudulent payments. But some risk remains, and organisations should ensure that they check any changes to creditor standing data independently of the original notification. That verification could be as simple as a telephone call to the Accounts Receivable section of the company to confirm the change.

On a wider note, the risks of fraud are changing all the time and reports such as this should be on the radar of every substantial organisation. Updating the risk register with risks like this and ensuring that you are protected is vital. Has the report on Luton been shared in the organisation? Has somebody checked whether it could happen to you? If not, why not???? You could be next – maybe it has already happened! It may be prudent to find out!!!


