Bank details scam is staging a comeback say PwC fraud experts
Andrew Gordon, forensics partner, PwC said: "Although in 99% of the cases this type of scam fails, in the 1% where the fraudsters succeed, it is very lucrative, with six figure losses by no means unusual. The combination of the current difficult economic climate and continuing pressure in companies to reduce staff headcount, including finance control functions, is definitely encouraging fraudsters to try their luck with this type of scam again."
To avoid being the next victim, PwC forensic experts advise companies to take some simple precautions. The first of these is to check procedures for dealing with such change requests. Their tips include:
- Phoning the supplier using a number taken from their website, ideally speaking to someone you know and have known for some time, to confirm the details of the change.
- Making a note of the call.
- Checking if the resulting change to the supplier master file requires a senior level of dual authorisation, for example, the same as for authorising a salary payment run.
- Confirming the change back to the customer in writing, preferably before processing the next payments.
Gordon added: "Companies should also watch out for the giveaways. For example, the letter will often include the invitation "in order to confirm this instruction, please call me on my direct dial number xxx" - this will be an unconnected rented line or a service office manned by the fraudsters.
Businesses should make sure they don't disclose more than they need to
"Similarly they should beware of supposedly confirmatory emails from almost identical email addresses, such as .com instead of .co.uk, or an address that differs from the genuine one by perhaps one letter that can be easily missed."
PwC also advises warning staff of the potential for such a scam because before sending the letters, the fraudsters will often make "pretext" calls to try and get information to increase their chances of success. This includes asking for the names or direct telephone numbers of people in the accounts payable department, or the supplier reference number for a particular supplier or to confirm month-end balances payable. Information is also gathered by fraudsters through Freedom of Information requests and via compulsory public sector disclosure requirements. Businesses should make sure they don't disclose more than they need to.
Gordon concluded: "Don't forget to consider also the inside job. Is there anyone in your organisation who could create such a letter him/herself, and then arrange for a supplier's bank details to be changed? If so, that person probably has too much authority. Segregation of responsibilities between processing and approval remain key along with regular reconciliations and follow up of exceptions."
Source: PricewaterhouseCoopers
PwC firms provide industry-focused assurance, tax and advisory services to enhance value for their clients. More than 161 000 people in 154 countries in firms across the PwC network share their thinking, experience and solutions to develop fresh perspectives and practical advice.
Go to: http://www.pwc.com