A charity supporting cancer patients was defrauded of more than £90,000 as a result of a bogus change to a supplier’s bank account details.
The charity received an email purportedly from a regular supplier asking for their bank account details to be changed. The new account information was provided on company letterhead as an attachment.
The request was forwarded to the finance department and processed. Two invoices were then paid to the new account.
The genuine supplier contacted the charity to ask why their last two invoices had not been paid. Internal enquiries established that the supplier’s bank account details had been changed prior to the payments being made.
The letter attached to the email from the supplier requesting the change was found to be fake. It was undated and contained poor grammar. An internet search also revealed that the sort code and account number did not match the stated bank branch.
The charity immediately notified their bank to stop any further payments, freeze the bogus supplier account and retrieve any remaining funds.
A complete review of financial controls and managerial checks was undertaken. As a result, the authority needed to change bank account details in future was restricted to more senior staff.
Category Case studies