West Suffolk Council gives staff training after being scammed out of £52,000 and makes call to combat international online fraud
A district council which was scammed out of £52,000 said staff have been trained to help prevent future incidents – as more needs to be done to combat international online fraud.
A report into how West Suffolk Council was scammed will be heard by the authority’s Performance and Audit Scrutiny Committee on January 25 and will explain what happened and measures that have been taken.
In July 2023, the council was the victim of a bank mandate fraud which resulted in a payment being made to a fraudster instead of the intended supplier. Hackers used the official email account of a business to scam a third party, so all correspondence came from the official account of the business.
The report details that although the email was from the correct and verified address, the authority’s supplier had been the subject of a sophisticated cyber-attack. At this stage an additional internal process to verify bank account changes was not correctly followed and, as a result, the fraudulent invoice was paid.
The council’s banking partner notified the authority of a potential fraud but could not prevent the payment being made to the fraudulently provided bank account.
The council then contacted the supplier, the banks, law enforcement, legal advisors, e-mail providers and other connected agencies to find out what happened and to try to recover the money. The incident was also reported to Police and Action Fraud.
An internal audit found that staff were not involved in perpetrating the fraud.
The service and staff involved have since been spoken to, training has been given, procedures have been strengthened and further guidance has been given to staff.
Cllr Diane Hind, cabinet member for resources at West Suffolk Council, said: “This incident was extremely regrettable and from the statistics many organisations are unfortunately affected by such scams. West Suffolk, like many organisations, is daily targeted by scammers but this is the first time the council has been defrauded in this way. This type of crime is very hard to successfully investigate and prosecute. Unfortunately, it has devastating effects for small businesses who are not geared up to detect this type of crime or have the resources to survive it if they fall victim.
“Following investigations by our auditors we have taken measures to reduce the risk of it happening again and have strengthened training and procedures. Upon discovery of the fraud, the immediate steps taken were to contact the receiving bank to seek recovery, and the issuing bank to review potential avenues of escalation. All other potential payments to the supplier were put on hold. The police (through their Action Fraud reporting centre) were also contacted, and the scam reported once it was established a fraud had been committed.
“We have put as much as we can into the public domain without hindering any criminal investigation or providing useful information to other scammers. We want to do this, not only to provide transparency for residents but also so other businesses can learn and take measures themselves. What is clear is there needs to be more of a national focus on this to improve detection and to stop businesses falling victim. The recent bank mandate fraud is a reminder to us all that we must remain vigilant from the threat of such sophisticated fraudsters. Bearing in mind the level of fraud and amounts of money being scammed, the Government and businesses, such as email providers, need to do more to focus on this issue.”