Charities are being warned about the dangers of fraud after new figures show that reported losses reached almost £8m in 2018/19, with poor employee training identified as a contributing factor
The figures, obtained by RSM via a freedom of information request to Action Fraud, the UK’s national fraud and cyber-crime reporting centre, reveal that charities submitted 1,057 reports about fraud in 2018-19, with average losses per case totalling £7,428.
Employee fraud accounted for the highest level of fraud losses (£1.685m), followed by abuse of a position of trust (£1.627m) and mandate fraud (£1.232m).
The highest number of identified complaints were about mandate fraud (173), followed by employee fraud (95) and hacking (62).
Mandate fraud occurs when an employee is tricked into changing a regular payment mandate such as a direct debit, standing order or bank transfer and redirecting it into a fraudster’s account.
Typically, a fraudster will contact an employee via email purporting to be from a supplier that receives regular payments. Often, these approaches can appear plausible as the fraudsters obtain details of staff members’ names and departments during phishing attacks. Fraudsters also use hijacked email accounts and lookalike domain names to trick recipients into thinking the requests are coming from a genuine email account.
The bogus supplier will explain that as they have changed banks, the standing order will need to be updated with the new account details. In many cases the scam will only come to light when the real supplier chases for payment, which can be many months after the first transfer of money.
Nick Sladden, RSM’s head of charities, said: ‘While this data is unlikely to show the true level of fraud affecting charities, it is quite revealing about the types of fraud to which charities are most regularly falling victim.
'Mandate fraud appears to be a particular problem, with affected charities losing over £7,000 on average. Frankly, if staff receive the right training and if the correct controls are in place, there's no reason why these types of fraud attempts should be successful.’
To avoid mandate fraud, Action Fraud advises organisations to verify new payment instructions by contacting the supplier directly using contact details held on file.
'It's also clear that some charities need to keep a closer eye on their employees – and on those in positions of authority. While no-one wants to work within a culture of distrust, charities still need to be alert to the threat of insider fraud and ensure that proper checks and balances are in place to minimise the risk.’
Pat Sweet | 05-08-2019