Mandate fraud is where a fraudster sends an email to an organasation or individual posing as a supplier or business they have been dealing with, and claim to have changed their bank details. They then simply request that the payment via direct debit, standing order or bank transfer is made to the new bank account which is actually the account controlled by the criminal.
Criminals will look to identify suppliers of services that you or your organisation use on a regular basis. This can be obtained from details of contracts awarded or other information which is published on websites and social media.
If the payment is made as requested, the fraud is complete.
Action Fraud has put together some simple advice to help businesses protect themselves from Bank Mandate fraud - these are imortant points to share with any staff who may be respobsible for paying suppliers:
STOP: If you receive a request to make an urgent payment, change supplier bank details or provide financial information, take a moment to stop and think.
CHALLENGE: Could it be fake? Verify all payments and supplier details directly with the company on a known phone number or in person first.
PROTECT: Contact your business’ bank immediately if you think you’ve been scammed and report it to Action Fraud.
INTERNAL PROCESS: Establish robust internal processes for handling changes to payment details. For example, only designated employees should be able to make changes to payment arrangements.
DATA SECURITY: Invoices, payment mandates, and other documents containing sensitive financial information should be stored securely and only be accessible to those staff that need them to perform their duties. Sensitive documents should be shredded before they are disposed of.
You can find more advice and information about Mandate fraud and how to report it on the Action Fraud website