TT Talk - Mandate fraud and CEO fraud: do not be a victim


With business transactions and communication handled almost exclusively online these days, there is increased risk of fraud in the fast-paced digital environment, making due diligence more critical than ever.

Whatever the nature of the services being tendered, and whether you are contracting with a supplier on the other side of the world or in the same city, the same fundamental rule of due diligence applies: know at all times exactly who you are dealing with.

As part of our four-part fraud awareness series we focus on the main frauds identified: payment fraud, procurement/billing fraud and carrier fraud. In this, our second part of the series, we highlight one of the most prolific frauds affecting businesses in the international supply chain – payment fraud. While unsophisticated in nature, this type of fraud is unfortunately very effective with losses running into hundreds of millions of US dollars annually. Through practical examples of how the cons work, this article will help reveal how to spot them and, ultimately, how to avoid them. 

There are two main types of payment fraud: mandate fraud (changing existing payment instructions) and CEO fraud (impersonation of company executives). These frauds usually target staff within accounts departments and use spoofed sender email addresses.

Mandate fraud (‘business email compromise’)

What is it?

A fraudulent party deceives you or your business into changing details of a direct debit, standing order or bank transfer by pretending to be an organisation you regularly pay. Mandate fraud, increasingly known as ‘business email compromise’, typically involves an email, which appears to come from a known supplier. The email will request that future payments for products or services be made to a new bank account, alleging that there is a problem with the account to where payment had originally been requested.

Typically, a criminal will hack into the victim’s email traffic and remain undetected. The trigger for the fraudster is often when a supplier requests a payment. A short period after the original email is delivered the fraudster will send a follow up message purporting to be from the genuine sender. In most instances, the email address will appear identical, possibly changing just one letter or character.

Inevitably, any payment made to the new account will fall under the control of the fraudster. The erroneous transaction will take time to be revealed, and the funds will have been transferred from the fraudster’s account through a series of other banks and lost forever.

How it happens – a real-life example

John works in your accounts department. He receives an expected invoice for a recent purchase (say, fuel). The next day John receives a rather urgent email from Sarah, who says she works in the supplier’s accounts department, explaining that there is a problem with the usual bank account. She requests that payment be made into an alternative account and provides the details. Whilst John does not know Sarah, he has been arranging payments to the supplier regularly and his suspicions are not raised, so he makes the revised payment as requested. One week later, Bob, John’s usual contact at the supplier, calls stating that the payment remains outstanding and seeking clarity as to when it will be paid. Bob has never heard of Sarah and has no knowledge of the bank account to which the funds were paid. The fraud is successful.

CEO fraud

What is it?

CEO fraud involves an internal email claiming to be from a senior member of staff, such as the CEO. The email asks the recipient to make a payment or transfer funds for an ongoing or new business transaction. Often the payment request is marked urgent and pressure is applied to the recipient to make the payment as soon as possible. As above, the payment will be made to an account under the control of the fraudster.

Fraudsters have the luxury of time to monitor and select their opportunity. They will often elect to strike during known busy or holiday periods, anticipating that there may be fewer people in the office to handle the query. Requests appearing to originate from a well-respected source are likely to attract less scrutiny when there are insufficient systems in place.

How it happens – a real-life example

It is 1630 hrs on Friday. John in your accounts department is completing the last of his routine tasks and looking forward to the weekend. At 1636, he receives an email from his CEO, who is on annual leave, requesting that an urgent payment be processed against an attached invoice. The CEO explains in her email that because this was a one-off purchase, she had forgotten about the invoice and the payment was therefore now urgent, so it must go out before the close of business today. John responds to the email confirming that he will arrange the payment as requested; he processes the transaction at 1700 and leaves the office for the weekend. On Monday morning, John happens to enter the office at the same time as the CEO. He politely asks whether he should follow up and check that the supplier received the funds they exchanged emails about the previous Friday. The CEO has no knowledge of the request or outstanding invoice. The fraudsters had monitored the movements of the CEO, created a copy of her email address and generated a fictitious invoice. 

TT Club’s top 10 tips to avoid mandate and CEO fraud:

  • Create a fraud prevention culture; talk regularly about fraud
  • Encourage personnel to be sceptical; spelling or grammar mistakes often are warnings
  • Consider designating a single point of contact with regular suppliers 
  • Incorporate a multi-step authorisation process for payments, especially large sums; don’t be rushed, always ‘take five’
  • Implement a robust internal escalation process so only those with sufficient authority make final decisions
  • Develop a strict verification process for any changes to existing account details, e.g. phoning a known contact on a number already on file to validate the request
  • Keep all standing orders and direct debits, invoices and other business documents in a secure place
  • Treat all company documents confidentially
  • Check your bank statements carefully and report suspicious activity to your bank
  • Take due diligence seriously
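The two controls that defeat both cons above are the same ones in the tips: spot a sender address that is one character away from a known contact (the mandate fraud and CEO fraud sections) and refuse to pay a new account until someone has phoned a known contact (the verification and ‘take five’ tips). This added example, not TT Club code, screens a payment request against those rules; every contact, address and account in it is constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed directory (not real data): one designated point of contact per
# supplier and the bank account on file. Callback numbers come from the original
# contract file, never from the email under review.
KNOWN_CONTACTS = {"bob@fuelsupplier.example": "GB00EXMP00000000000001"}
EXECUTIVES = {"ceo@yourcompany.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch addresses one character off a known one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(sender: str) -> Optional[str]:
    """Return the known address that `sender` imitates (within one edit), if any."""
    for known in sorted(KNOWN_CONTACTS) + sorted(EXECUTIVES):
        if sender.lower() != known and edit_distance(sender.lower(), known) <= 1:
            return known
    return None


@dataclass
class PaymentRequest:
    sender: str                      # address the email claims to come from
    bank_account: str                # account the email asks to be paid
    callback_verified: bool = False  # staff phoned the known contact on the number on file


def screen(req: PaymentRequest) -> list:
    """Reasons the request must be held; an empty list means proceed to normal approval."""
    reasons = []
    twin = lookalike_of(req.sender)
    if twin:
        reasons.append(f"sender {req.sender} is one character away from known contact {twin}")
    elif req.sender not in KNOWN_CONTACTS and req.sender not in EXECUTIVES:
        reasons.append("sender is not a designated point of contact")
    # Any account that is not the one on file (executives have none on file) needs
    # a 'take five' phone check with a known contact before money moves.
    if req.bank_account != KNOWN_CONTACTS.get(req.sender) and not req.callback_verified:
        reasons.append("account differs from the one on file; phone the known contact first")
    return reasons
```

A request that passes `screen` still goes through the normal multi-step authorisation; the function only decides what must be held back for a phone call.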


We hope that you have found the above interesting. If you would like further information, or have any comments, please email us, or take this opportunity to forward to any colleagues who you may feel would be interested.

We look forward to hearing from you.

Peregrine Storrs-Fox

Risk Management Director, TT Club


Mike Yarwood

TT Club

Date: 11/05/2021