The National Crime Agency is warning contractors against the growing threat of mandate fraud after companies lost millions during a series of payment swindles.
The agency is issuing an “amber alert” to the industry following 34 reports of mandate fraud so far this year in which contractors were conned out of amounts of up to £1m plus.
Mandate fraud involves criminals contacting contractors posing as a supplier or subcontractor.
They then advise the company that their bank account details have changed in a bid to divert payments into a bogus account leaving the legitimate supplier and conned contractor out of pocket.
The agency and the National Fraud Intelligence Bureau said that reports of mandate fraud in the construction industry have increased steadily over the last year.
The majority of victims were large civil engineering contractors.
Most approaches to companies were by email (56%) using either the construction company’s email address or a similar one.
Other victims have been contacted by telephone (21%) or by letter (18%).
The agency warned:
- The letters sent may appear as genuine letters on company headed paper and signed off by the company directors or accountants.
- The letters will provide details of the new account with the wording that “these amendments should take place immediately”.
- There does not appear to be a preferred bank for the change of account details.
It also issued the following checklist to prevent mandate fraud:
- Ensure that all financial paperwork is shredded to avoid theft of the company identity/logo and prevent the bank details being obtained by others.
- Employ due diligence checks, i.e. any notification of a change of bank account should require further verification by contacting the supplier/customer directly before implementing any changes. A single point of contact should be set up within each business on a pre-agreed number who can verify any legitimate changes.
- Internet and email users should be encouraged to change their password regularly to avoid criminals accessing their accounts. Companies should regularly check their emails, websites and bank accounts to ensure these details are not being hacked.
- Ideally every employee of the company should have their own computer and log-in details to avoid criminals hacking into multi-user computers easily.
If you believe your company has been a victim of mandate fraud then you can report this to Action Fraud by visiting hereor by contacting 0300 123 2040.