The scam operates by an innocent recipient receiving an email or letter informing them that a supplier of theirs is changing their bank account details. The correspondence will almost certainly include the details of the new account. The letter/email will ask you to update your records accordingly with the consequence that future payments will be made to this account. The details are, of course, fraudulent with the consequence that monies are paid to the fraudster and not the supplier.
- Maintain a good relationship with existing suppliers and know your contacts whom you should be able to liaise with.
- Ensure that you confirm any change of banking details with someone you usually deal with at the organisation before making any changes to beneficiary accounts. When calling the organisation to confirm the changes to banking details, use a number from the telephone directory and not the number on the letterhead or email as you will most likely be calling the fraudster.
- If talking to this ‘supplier’ on the telephone beforehand, they may ask about when you last sent payments to them, looking to see if you are still an active client. Again, ask to speak to contacts that you recognise and if necessary ask your contact to call you back.
- Question whether well-known companies would change their banking details without notifying people through more formal channels.
- Beware of supposed confirmatory emails from almost identical email addresses, such as .com instead of .co.za, or addresses that differ from the genuine one by perhaps one letter that can be easily missed.
- Instruct staff responsible for paying invoices to scrutinise invoices for irregularities and escalating suspicions to a known contact.
- It is essential to make sure that you are certain of the identity of the person your business is dealing with at all times. Consider setting up designated ‘Single Points of Contact’ with companies to which you make regular payments.
- Ensure that your company’s private information is not disclosed to third parties who are not entitled to receive it, or third parties whose identities cannot be rightfully verified.
- Rather shred your business and suppliers’ invoices or any communication material that may contain letterheads, than to discard in rubbish bins.
- Consider reviewing previous requests to change account details to confirm whether they were genuine or not.
- To avoid your customers acting on an instruction allegedly from you, alert them to this type of fraud.
What can you do as a victim of this type of fraud?
If you have been a victim of this type of fraud, notify the Police immediately.
- You can also commence with a civil recovery of these monies against the fraudster. It may also be necessary to use tracing proceedings to trace the identity of the fraudsters or even freezing injunctions to freeze their assets of the fraudsters.
- Finally, check with your insurer to see if it is an insurable loss.
Please remember that electronic payments are made based on the account number only. Any account name given is not routinely checked as part of the automated payment process. It is your responsibility to ensure the account details being used are correct, by conducting an independent verification.