What is it?
These scams happen when criminals pose as a regular supplier and persuade you to change the bank account details you hold on file. You’re then tricked into sending money to the account which is controlled by a criminal rather than the genuine supplier.
Criminals carry out extensive research about your business to find out who your suppliers are and when regular payments are due. These scams often involve a criminal intercepting emails, gaining access to your supplier’s email account or spoofing their emails.
The fraud is often only discovered when the legitimate supplier of the product or service chases for non-payment. At that point recovery of the funds from the fraudulent account is very difficult.
How to spot an invoice and mandate scam?
- You receive a request out of the blue to change the bank details of an existing supplier
- You receive more frequent than usual or duplicate invoices for a product or service
Example of an invoice and mandate scam
Ahmed, a finance manager at a marketing agency, received an invoice for £1,350 from a software company to renew the business’s subscription. The email stated that the invoice was 90 days overdue and immediate payment was required to avoid cancellation. The software was business critical.
Ahmed had several deadlines approaching. With several team members away, he was overstretched and working late most days. Without confirming the bank details with the company, he immediately logged onto his business’s online banking and proceeded to pay the outstanding invoice using the account details provided in the email.
A couple of weeks later, Ahmed received another email from the software company requesting payment for the business’s subscription renewal. Confused he then checked the bank statement and could see he’d made the payment.
Ahmed checked the bank details for XY software stated in previous invoices against those he’d made payment to and realised they were different. He had just lost the business £1,350 due to his carelessness.
If you believe you’ve fallen for a scam, contact your bank immediately on a number you know to be correct, such as the one listed on your statement, their website or on the back of your debit or credit card.