Main contractor Speller Metcalfe has been hit by a fresh wave of con-artists attempting to trick clients into sending payments to fraudster bank accounts.
In the last week swindlers have written to two housing association clients telling them to amend the firm’s bank details for payments.
The builder has issued a warning so that other firms do not fall foul of the latest out-break of attacks.
The industry was hit by a major case of what is known as mandate fraud several years ago when the Olympic Delivery Authority was conned out of £2.3m.
A spokesman for Speller Metcalfe warned that the latest attempts are becoming more sophisticated, using company logos and project names to make them seem convincing.
Speller Metcalfe and another external partner firm were victims of a similar attack last summer.
The spokesman said: “The first letter sent to a client in Cheltenham contained a few errors but was passable insofar as our client had changed the bank details to those of the fraudulent request and was about to pay out.
“It was only when Speller Metcalfe chased payment and the client confirmed they would send payment to the new bank details that the fraud was identified.”
He said that the second attack proved more sophisticated. A letter was received by a Birmingham-based client attached to an email, which would have read almost perfectly to someone external to Speller Metcalfe.
It came with a fake letterhead, professional approach and tone and forged signature.
Follow-up phone calls were even made to make sure they had received the letter and to confirm the change of account details.
Luckily for Speller Metcalfe, a sharp-minded purchase ledger clerk working for the client flagged up an error in the address on the letter with the finance director – just before the exchange of a significant sum.
The director then called Speller Metcalfe’s accounts team and confirmed existing account details. No money was lost and the incident was investigated by the police.
Andrew James, Partner & Head of Construction and Engineering at Harrison Clark Rickerbys solicitors, said: “Unfortunately this type of fraud and also more sophisticated cybercrime is on the increase, and clients and contractors need to be vigilant.
“For the paying party this can be a real issue because it can still remain liable to pay the original debt, and effectively it could have to pay twice in the knowledge that it will face a difficult claim against the fraudsters.
“In practice, companies do not often change bank accounts, and therefore if you receive such a notification, however genuine it may appear, always get specific confirmation from a current director of the receiving party – preferably both by telephone and in writing – that you are authorised to pay into the new account.”