What is Mandate and Whaling Fraud?
Mandate fraud is when a person, who claims to represent a supplier, asks an organisation to change its bank transfer mandate into a different account without the genuine supplier knowing about it. The new account is usually one held by the fraudster. This has been occurring nationally and some public sector organisations have lost substantial amounts of money as a result of this type of fraud.
Mandate fraud attempts occur via emails or phone calls, but most commonly by post.
A recent example of this is of a letter purporting to be from a construction company which had completed work for a council. The letter advised the council that the construction company’s bank account details had changed and asked the council to amend their records accordingly - meaning that any future payments from the council were sent to the fraudulent account instead. The name ‘Darren Moore, Director of Finance’ is frequently associated with these Mandate fraud attempts.
Whaling fraud is a growing threat to local authorities and attempts have been detected in our region. Unlike mandate fraud, specific people in an organisation will be targeted to try to extract money.
A typical scenario involves a request from a senior member of staff (Chief Executive, Director of Finance etc...) asking for an urgent payment to be made. Email addresses are faked so the communications appear genuine. Fraudsters will also monitor social media to time their emails when senior members of staff are out of the office so making it harder for staff to verify the request.
How can I spot these types of fraud and what can I do about it?
To try to spot and prevent this type of fraud:
Always review invoices to check for inconsistencies and obvious errors. Don’t assume a letter is genuine just because it comes in on correctly headed paper.
Treat unusual requests for payments extremely cautiously. Always try to speak to the person face to face or by phone, rather than relying on email.
Always verify changes to financial arrangements with the organisation directly, using established contact details.
If you are concerned about the source of a call, ask the caller to give you a main switchboard number for you to be routed back to them. Alternatively, hang up and call them back using established contact details.
Look closely at email addresses. If you are unsure then right click on the address and select Outlook Properties. If an email address has been spoofed then the actual email address will appear.
Who can I report fraud to?
If you suspect that you have been targeted by this type of fraud, please report this to Veritau on the Fraud Hotline on 01904 552935.
For more information on International Fraud Awareness Week, visit www.fraudweek.com and look out for #FraudWeek on social media.