Fraudsters cost businesses an average of £23K when they successfully impersonate suppliers
Business losses from mandate fraud more than doubled in the past tax year to reach £77 million.
Companies submitted nearly 3,500 reports about mandate fraud in 2017-18, a rise of 123 per cent over the previous year’s figures of 1,551, according to Action Fraud, the UK’s national fraud and cybercrime reporting centre.
The average amount lost by each business was £22,500, eight per cent higher than the year before.
Mandate fraud is when an employee is tricked into changing a regular payment mandate such as a direct debit, standing order or bank transfer and redirecting it into a fraudster’s account.
Typically, a fraudster will contact an employee via email purporting to be from a supplier which receives regular payments. These approaches are sometimes plausible as the fraudster has correct details of staff members’ names and departments obtained as a result of phishing attacks.
The bogus supplier will explain that as it has changed banks, the standing order will need to be updated with its new account details.
Often the scam will only come to light when the real supplier chases for payment. In some cases, this can be many months after the first transfer of money.
Akhlaq Ahmed, forensic partner at accountant RSM, said: “The doubling of losses from mandate fraud over the last year should be a cause for concern for all businesses.
“Far too many businesses are falling victim to mandate fraud. In some cases, the losses are relatively small, in others they can run into hundreds of thousands of pounds, potentially putting the future viability of the business at risk.
RSM, which obtained the figures from the police’s Action Fraud unit, urged businesses to endure accounts staff are trained to recognise the hallmarks of a mandate fraud attempt.
Other steps that financial directors can take include checking directly with suppliers if an email arrives asking for payments to be amended, monitoring bank accounts regularly and reporting any suspicious activity to the bank and the police, and never leaving invoices or regular payment mandates openly on display.