Cyber-criminals and fraudsters are likely to try to exploit the coronavirus pandemic by targeting Defence workers and personnel, the Ministry of Defence (MOD) has warned.
The MOD has issued a warning to anyone working in the Defence community that a sharp rise in fraudulent activity is expected, as fraudsters look to exploit the disorientation created by rapid changes in procedure in the wake of the COVID-19 pandemic.
Organisations are having to adopt new ways of conducting business with suppliers as they adapt to the challenges posed by the pandemic, and fraudsters are likely to seize on the confusion caused by these unfamiliar ways of working.
In a Fraud Defence Alert, the MOD warned:
“Fraudsters will be looking to exploit business vulnerabilities caused by the COVID-19 pandemic.
“These will include increased pressures placed upon systems and the adapted controls and processes that may have otherwise flagged attempts to defraud the organisation.”
The warning said two types of fraudulent activity are expected in particular, including mandate fraud, in relation to bank transfer mandates and direct debits, and CEO fraud, in relation to payroll bank account details, adding:
“It is imperative that all colleagues across Defence are well-equipped to identify, stop and report attempts of mandate and CEO fraud from taking place.”
Businesses and staff should especially watch out for emails with gmail.com and yahoo.com suffixes, as many organisations are reporting that they have been initially contacted by fraudsters using accounts such as these.
The MOD has issued advice on what to look out for and how to prevent and protect against fraud, encouraging everyone in the Defence sector to be vigilant and help identify, stop and report any fraud attempts.
What Is Mandate Fraud?
Mandate fraud occurs when someone contacts a Ministry Of Defence team or organisation within the Defence sector with a request to change a direct debit, standing order or bank transfer mandate, by pretending to be from a genuine supplier that already receives regular payments.
If the change is made as requested, payments are then diverted into the fraudster’s bank account.
The money will most likely be redistributed into multiple mule accounts before the original account is closed down, making the flow of funds untraceable.
What Are Cybercriminals After?
Javvad Malik is a Security Awareness Advocate at training company KnowBe4, and is one of the industry’s most prolific video bloggers. He spoke to BFBS Radio about the ways cybercriminals try to scam people online. Richard Hatch and Verity Geere speak to him and discover some valuable tips for staying safe online.
What Is CEO Fraud?
CEO (Chief Executive Officer) email fraud is a form of mandate fraud whereby a fraudster requests changes to payroll bank account details. This type of fraud typically occurs when the fraudster poses as an internal C-level executive (CEO, CFO, COO etc.) or other senior-level equivalents, with instructions to change the bank account details of the individual they are impersonating.
The fraudster will request this change as a matter of urgency, and accordingly, the staff receiving the email will feel pressured to comply with the request due to the apparent seniority of the sender.
Most businesses report initially being contacted via emails with gmail.com and yahoo.com suffixes.
Advice For Protection And Prevention
Mandate fraud can occur in different ways. Here are some methods to be aware of:
- Telephone - there will be a sense of urgency to get the changes made, so fraudsters may prefer to call to speed up the process.
- Email request - an email is received where a minor amendment has been made to the sender’s address details, giving the impression it is a correct and genuine email address at first glance. For example, [email protected] (genuine) could have been changed to a fraudulent email address of [email protected]. Alternatively, an email request is received from an unknown email account that is not already held within Defence records.
- Staff should always check the authenticity of an email received from a supplier (e.g. the domain name) by using established supplier contact details already held on file.
- A written/email request is received in the form of a letter or invoice that does not contain the supplier’s logo, or the logo may be less sharp or slightly blurred (this would most likely be a scanned copy of an original document which has been counterfeited). Look out for spelling or style errors.
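The two email warning signs above (a sender address that has been minutely altered, and an address that is not already held in Defence records, with gmail.com and yahoo.com suffixes singled out earlier in the article) can be turned into a first-pass triage check. The following is an added example, not code from the MOD alert or from any Defence system: it compares the sender domain of a payment-change request against the supplier domains held on file, flags free-mail suffixes, and flags near-miss lookalike domains using edit distance. The supplier directory and the sample addresses are constructed for illustration.

```python
"""First-pass sender checks for supplier payment-change requests.

Added example, not from the MOD alert. Compares a sender address against
supplier contact details held on file, flags free-mail suffixes and flags
near-miss lookalike domains. Supplier records and sample senders are
constructed for illustration.
"""
from dataclasses import dataclass

# Free-mail suffixes the alert names as common first-contact sources.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com"}

# Constructed supplier directory: supplier name -> domains held on file.
SUPPLIERS_ON_FILE = {
    "Example Logistics Ltd": {"example-logistics.co.uk"},
    "Acme Catering": {"acmecatering.com"},
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Lower-cased domain part of an email address ('' if malformed)."""
    addr = address.strip().lower()
    if addr.count("@") != 1 or addr.endswith("@"):
        return ""
    return addr.rsplit("@", 1)[1]


@dataclass
class Verdict:
    status: str   # on_file | freemail | lookalike | unknown | malformed
    detail: str


def assess_sender(address: str, claimed_supplier: str) -> Verdict:
    """Classify a sender address against the supplier it claims to be from."""
    domain = domain_of(address)
    if not domain:
        return Verdict("malformed", f"could not parse sender address {address!r}")
    known = SUPPLIERS_ON_FILE.get(claimed_supplier, set())
    if domain in known:
        return Verdict("on_file", f"{domain} matches records for {claimed_supplier}")
    if domain in FREEMAIL_DOMAINS:
        return Verdict("freemail", f"{domain} is a free-mail domain, not a supplier domain")
    # A single dropped, doubled or swapped character (distance 1 or 2) is the
    # classic "minor amendment" that looks genuine at first glance.
    for good in known:
        if levenshtein(domain, good) <= 2:
            return Verdict("lookalike", f"{domain} resembles {good} held on file")
    return Verdict("unknown", f"{domain} not held on file for {claimed_supplier}")


def triage(requests):
    """Return (address, status) for each (address, claimed_supplier) pair."""
    return [(addr, assess_sender(addr, supplier).status) for addr, supplier in requests]


if __name__ == "__main__":
    # Constructed sample requests.
    sample = [
        ("accounts@example-logistics.co.uk", "Example Logistics Ltd"),
        ("accounts@example-logistcs.co.uk", "Example Logistics Ltd"),
        ("example.logistics.accounts@gmail.com", "Example Logistics Ltd"),
        ("billing@somewhere-else.org", "Acme Catering"),
    ]
    for addr, status in triage(sample):
        print(f"{status:10s} {addr}")
```

The check only separates "looks like the supplier on file" from "does not"; it is not a substitute for the independent verification the alert requires before any bank detail is changed. A genuine supplier mailbox that has been compromised, or a forged display name over an unrelated address, passes or fails on the domain alone, so every change request, including one graded `on_file`, should still be confirmed by calling the supplier on the contact number already held on record.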
Use The Existing Controls/Processes Defence Has In Place:
- Use existing systems and criteria where possible - by sticking to agreed finance/commercial processes, we can reduce the chance of fraudulent activity. Even when applied at a slower pace, and even retrospectively, it is vital they are still applied. DBS hold authority for changes to bank account details, where they must receive independent verification from a known company representative before enacting the change. Using existing data systems and collecting and retaining records of payments and services delivered will allow for easier analysis on the retrospective detection of any fraud that gets past our controls.
- Work with well-established, tried and tested partners where possible. If there is a genuine business need to establish a contract with new partners, please apply business acumen and commercial judgement amply. Detailed financial robustness tests and checks may have to become more basic, in which case each payment should be treated with extra caution.
- Payments should be processed by limited staff, each with appropriate oversight. The risk is highest with ePC. Cardholders must be prudent in decisions regardless of time-pressures.
Remember, if you feel you are being pressured to act inappropriately you should refer to your line manager, Low Value Purchasing (LVP) manager or LVP mentor.
It is not only the Defence sector that could fall victim to online fraud and scams, and the wider public, military personnel and business workers are also warned to remain vigilant during the coronavirus pandemic.
If You Remain Cautious, You Can Protect Yourself From Scams:
- Never click on links or open attachments from an email that you weren’t expecting.
- If you receive a suspicious email that appears to come from an official organisation such as the World Health Organisation, report the email to your security team to double-check.
- If you want to make a charitable donation, go to the charity website of your choice to submit your payment. Type the charity’s web address in your browser instead of clicking on any links in emails or other messages.
- Finally, don’t trust anyone knocking on your door, dressed up as a health official wanting to perform COVID-19 tests – they are just out to rob you.
If you receive a suspicious request or suspect a scam, counterfeit or fraudulent attempt, please report it to the Defence Confidential Hotline immediately. The department has set up rapid alert processes across the department and across Whitehall; please look out for these alerts.
Email: [email protected] | Tel: 0800 161 3665 (UK) | +44 1371 85 4881 (OS) | Mil: 94667 4881