Brian Sims
Editor
Brian Sims
Editor
BETWEEN JANUARY and March this year, reports the Construction Industry Council, the construction sector was “heavily targeted” by fraudsters, with the sum of £209,733 having been stolen from construction businesses through payment diversion fraud.
Payment diversion fraud generally involves criminals contacting an organisation’s finance department pretending to be a regular supplier and then asking to redirect future direct debits or invoice payments.
Some of the tactics used by criminals involve impersonation, urgency and secrecy and changed payment details. In terms of impersonation, criminals will make contact over e-mail or phone call, while impersonating existing suppliers or sometimes staff within an organisation.
In terms of urgency and secrecy, criminals will exert pressure on individuals to act quickly and not to share the request with others. When it comes to its bank and future payments need to be paid into the new account.
Advice for businesses
If a company receives a request to move money into a new bank account, a nominated representative should contact the supplier directly using established contact details in order to verify and corroborate the payment request.
It’s Best Practice to establish robust internal processes for handling changes to payment details. For example, only designated employees should be able to make changes to payment arrangements.
Businesses should avoid paying by bank transfer as this method offers little protection if the company becomes a victim of fraud. Instead, it’s best to use a credit card or payment services such as PayPal.
Invoices, payment mandates and other documents containing sensitive financial information should be stored securely and only be accessible to those members of staff that need them to perform their duties. Sensitive documents should be shredded ahead of their disposal.
Suspected fraud
Any business in the construction sector that suspects it has been the victim of fraud should report the episode to the police online at www.reportfraud.police.uk or telephone 0300 123 2040.
While the Police Cyber Alarm service will not help in relation to payment diversion fraud, the tool will assist with internal cyber security. Police Cyber Alarm is a free tool that helps with the understanding and monitoring of malicious cyber activity against an operational network. This service is made up of two parts: monitoring and vulnerability scanning. Visit www.cyberalarm.police.uk/ for details.
It’s a good idea to engage with the local Cyber Resilience Centre (CRC). The CRC Network works with some of the country’s top student talent to deliver 100% funded cyber security services for SMEs (including bespoke staff training, advice on security policies and testing services to identify the organisation’s specific vulnerabilities), thereby improving risk awareness and cyber resilience.
The CRC Network provides long-term support through a customer journey model involving regular and engaging bite-size cyber security guidance for members tailored to specific regions or sectors. This is in alignment with the National Cyber Security Service’s products and guidance. Local CRC’s can be accessed online at https://nationalcrcgroup.co.uk/regional-centres/
Additional support
Further support, information and guidance is available by contacting [email protected] The team offers intelligence-led staff training and awareness. Team members are also the national co-ordinators for the UK Protect Network, meaning that they have cyber and fraud protect officers across the country who would be able to supply on-site awareness training and incident response training for businesses and individuals alike.
*Further information is available online at www.cic.org.uk
Western Business Media Limited
Dorset House
64 High Street
East Grinstead
RH19 3DE
UNITED KINGDOM