Our relationship with our banks is increasingly an online (and occasionally on-telephone one). This has brought speed, convenience, and also new opportunities for fraudsters.
We have recently been made aware of the fact that a number of firms have been victim to a fairly sophisticated scam which has allowed criminals to run off with several hundred thousands at a time from their client account.
How the scam works
Jonathan Wyles, of specialist professional indemnity solicitors, RPC, explains the fraud as follows:
- the solicitor receives a telephone call (typically on a Friday), supposedly from your bank's Fraud Unit. They have tended to ask for the Head of Finance/Head Cashier by name.
- This 'bank employee' goes on to say says that they are concerned about possible suspicious activity on the firm's client account, and provides information about genuine transactions from the account which you are able to confirm - thus gaining your trust.
- Then they refer to a number of 'suspect transactions', which are indeed nothing to do with your firm. The 'bank employee' therefore confirms that these transactions will not be processed - but also that the account has been frozen pending an investigation.
- They explain that, in the meantime, payments can still be made - with their assistance.
Where urgent payments have been required to be made, affected firms have been conned into disclosing the secure access details the criminal requires to access the account. Client money is then stolen from the account - and remember, unauthorised payments from your client account amount to a breach of the Accounts Rules - which could have significant regulatory, insurance, and reputational consequences, both for the firm, and for individuals concerned.
Steps to protect your firm
- Circulate this warning to staff, including (but not limited to) your accounts department. Risk-Awareness is the best prevention.
- Never give any access or security information to anyone over the telephone or in an email no matter how genuine they sound.
- Take the callers details and call back. If you receive calls of this nature - ask for the caller's name and department. Do not use the number they have given you to call back on. Use the main contact number you have for your bank (normally your bank client relationship manager).
If you believe you may have been a victim of fraud
- your bank
- the Police
Lockton are liaising with insurers to monitor the prevalence of this fraud. It may be possible for insurers, where more than one example of this fraud has occurred, to co-rodinate recovery action.
Prompt action can help alert banks and police to the issue, and increase the chance of the fraudsters being caught/ reduce the scale of the fraud on your account. Banks will co-operate in attempts to recover funds - which will be easier if funds are still in the UK.
Please get in touch with us if you have had any experience of this type of fraud - successful or unsuccessful.
Thanks to Jonathan Wyles of RPC for his assistance in compiling this alert.