The MD of a medium-sized construction business in Yorkshire has revealed how his business was the victim of so-called ‘mandate fraud’.
Mandate fraud, also known as payment diversion fraud and business email compromise, tends to affect businesses and customers where electronic financial transactions are common, such as the construction industry, according to the not-for-profit North East Business Resilience Centre (NEBRC).
Identified only as Tom, the MD of the Yorkshire business revealed that one of his clients fell victim to mandate fraud, meaning their payments due to his business were sent unwittingly to a criminal.
He said: “We had a customer who owed us a substantial amount of money and when we were chasing them for our monthly payment they announced they had already paid us – which they hadn’t.
“They showed us an email purporting to be [from] our offices that was instructing them to change our payment banking details and they paid our monthly payment into someone else’s bank account on what seemed to be our instruction. We never thought we were vulnerable to this sort of thing, and obviously it causes an awful lot of stress.”
“The construction industry needs to be aware of this threat and ensure they have robust systems and checks in place.”
NEBRC, which advises businesses on how to prevent and recover from such fraud, explained that scams are becoming ever more sophisticated with the criminals often creating fake email addresses that are very similar or identical to genuine businesses, down to the e-signatures and disclaimers. These direct payments from businesses and customers go straight into the criminal’s bank account where it is quickly moved on. The scammers do their homework and will often go to extraordinary lengths to mimic their victim’s online presence and email branding.
Supt Rebecca Chapman, head of the not-for-profit NEBRC, said: “Mandate fraud aimed at construction businesses is becoming more commonplace as the nature of the sector with complex supply chains, multiple third-party contractors and a fast-moving work environment often means there’s little time to double check authentic-looking requests that come in on email.
“But the construction industry needs to be aware of this threat and ensure they have robust systems and checks in place. The NEBRC can advise businesses who don’t know where to start with audits to check current security measures, IT enhancements and, most importantly, staff training. It only takes a split second for a member of staff to unwittingly allow a mandate fraud to take place, and the criminals will take no time at all to move any monies on from genuine customers and bank accounts.”
It is estimated that mandate fraud costs the UK more than £100m annually, with the average loss per business around £27,700. In 2019 alone, 3,577 instances were reported to the police. One historical mandate fraud cost a single construction company £1.1m.
Don’t miss out on BIM and digital construction news: sign up to receive the BIMplus newsletter.