Fraud attacks are ever present

As part of my role as an auditor I am required to ask my clients at the planning stage of an audit what fraud they are aware of and which fraud risks they envisage. Most clients seem to have experienced some form attack, even if on the whole they are unsuccessful.

You can imagine my annoyance when I then got some first-hand experience of a fraud attack recently relating to contracts with companies I had no knowledge of: A new contract for a Tesco mobile, followed by opening an Argos store card using the mobile phone number created, followed by creating a Debenham’s store card with a fake copy of my driving licence!

Thankfully I spoke to all the companies involved and alerted them to these fraud attacks and, as I write, I haven’t suffered any damages other than a large amount of time on the phone.

I would like, therefore, to share some experiences of fraud attacks on companies that I hear when I am with clients and ask you to question whether you are properly protected.

An old trick is an attempt to change supplier bank details by way of a letter received. Companies with good control systems will ensure they call the supplier, preferably to a known contact, to confirm details.

Another common fraud attack is the use of the “bogus boss” email where the finance team gets an email purporting to be from the MD demanding payment immediately to a bank account which the fraudster controls. The advice to thwart such attacks has to be that there is an understanding with both parties that payment instructions don’t flow by email, and if they do, they should be confirmed with a personal call.

Rarer are reports of hackings into bank systems where the standing details are amended between set up of payment and approval due to a long lead time between preparer and approver.

The newest one I have come across is where the fraudster redirects the supplier phone number in unison with a change of bank details. Again, having a named contact to call at the supplier gives you a protection but it is worth setting up a password with your phone provider.

I am always shocked by the number of fraudsters and the resources at their disposal to undertake these consistent barrage of attacks. No doubt with more I.T. reliance and automation the fraudsters will invent new ways to cause havoc but it is the human input and control processes that protect you.

Pick up the phone, speak to people and stay safe!

Blog written by: Nigel Goodman

Talk to Barnes Roffe today
Share this page: