While technology presents countless efficiencies in business, it also brings with it a variety of risk. With exponential growth and innovation in this space, regulation and risk management are working tirelessly to keep up.
Recently there has been an increase in online scams relating to fraudulent online payments. This scam involves communication from an unknown, fraudulent source advising that a creditor has changed/ amended banking details. The communication contains a new BSB and account number and the target individual is requested to update the creditors details.
Recently we have seen this occur specifically in the NFP sector, however this type of fraud can impact any business. In the particular examples that came to our attention, two organisations suffered a loss. While internal processes were in place, they were either not robust or not followed completely.
To help you safe guard your business from such fraudulent activity, we have put together 6 simple steps below.
Step 1: In the first instance, do not make changes.
Email is the most common form of unsolicited requests of this nature, however they may also be received via phone. If you receive a request via email do not respond. If you receive the request via telephone, inform the caller you can only initiate such requests if they are received in writing. You must also insist this written notification is received as an original on company/business letterhead. Whether the request is made via telephone or email, you need to verify the sender prior to updating your records or making any changes.
Step 2: Double check your supplier contact
In either instance, review internal records to find a contact name and telephone number from your supplier and contact them directly to enquire if the initial contact (either via email or telephone) was from them.
This contact number should be cross referenced with other sources where possible (i.e. google search), other internal databases.
Step 3: Be in the know and take control
Once you have located your suppliers contact details and/or cross referenced the contact details, be proactive and make contact. Enquire if they initiated the request. Be aware, only discuss the matter if it is clear you have initiated the call. Do not allow yourself to be “called back”.
Step 4: Make demands
If the supplier confirms they have indeed initiated the request reiterate you are only able to initiate the change if it is received in writing, is an original and is on company/business letterhead.
Do not feel perturbed if they make you feel uncomfortable and complain about “red tape”.
Simply explain the increased incidence of frauds of this nature and the procedure is to ensure appropriate controls are in place.
Step 5: Scrutinise
Review the original documents requesting the change when received and contact the individual who has signed the request.
Ensure the contact is made via your own contact numbers and not those on the letter request to hand.
When contact is made, confirm it is genuine.
Step 6: Make it official
Online payment transfer details should also be present on official invoices and you should insist invoices are amended before payments are made to the new account details.
As an aside, these details should be checked every time a transfer is made for all creditors (it is effectively the same as a name on a cheque).
If at any time, you are sceptical or become suspicious that something does not seem correct at any of the steps above, escalate your concerns so they can be followed up appropriately.
We believe it is always better to be safe than sorry. Online scams are becoming increasingly sophisticated and while these steps may appear excessive, it is better to receive complaints about unnecessary “red tape’” than be left “red faced”. While these steps may guide you around navigating online fraud, it pays to complement the internal control process outlined above with a level of “professional scepticism” to such requests.
At Moore Stephens, we help clients everyday identify risks and develop processes to safe guard their business. If you have any questions about online fraud or wish to talk through the issue, please contact your Moore Stephens relationship partner.