The impact of fraud on a charity can be devastating. It is likely to result in financial loss, but could also be very damaging to a charity’s reputation.
Our firm has recently seen a number of charities fall victim to bank mandate fraud, but vigilance and an awareness of the warning signs will equip you to protect your charity from it.
How does the fraud work?
The cases we have seen follow a familiar pattern:
Step 1 - Fraudsters hijack the identity of organisations or individuals to whom charities make regular payments. This is often done by hacking into their emails.
Step 2 - Using the stolen identity, fraudsters contact the charity and instruct it to make future payments to a different bank account.
Step 3 - The charity makes the payments to the new (false) bank account.
Step 4 - When the third party eventually contacts the charity to chase the payment, which it has not received, the fraud is unearthed. The fraudster has usually disappeared by now, and the charity still owes money to the third party.
Watch out for any email or letter from an organisation or individual to whom you make regular or large payments that asks you to amend payment details and to send the payments to a different bank account, even at the same branch.
Even if the email is from an address you recognise, or the letter appears to be on the right letterhead, with what looks like the correct signature and the timing of any communication ties in with an upcoming payment, this could be a fraud.
Fraudsters can generate emails or documents that look convincing. They may also have inside help with choosing targets and preparing communications.
What can you do?
We suggest that you urgently review your anti-fraud measures:
- Confirm every change of bank account request with the company making the change, using existing contact details and not those from the letter or email requesting the change.
- Set up designated individual contacts with all of the companies to whom you make regular payments.
- Instruct staff with responsibility for paying invoices to check for irregularities and raise any suspicions with the company requiring payment, remembering that the contact details on the invoice may not be genuine.
- Following payment of an invoice, send a quick email to your contact at the beneficiary company informing them payment has been made and to which bank account (for security reasons, do not give full details of this account).
- Review all change of account details already provided to you and acted upon to confirm their authenticity.
What should you do if you believe you are a fraud victim?
- Notify your insurers.
- Report this to Action Fraud.
- Contact your legal adviser immediately – they can put a stop on bank accounts, advise on how to recover the money and help you to deal with the police.
- Ensure you report the matter to the Charity Commission.
Fiona Simpson is special counsel at Withers