It has recently been brought to our attention that fraudsters are now targeting clubs and that this has now reached swimming clubs. Please do take the time to read and understand this brief article and circulate it to all committee members and other volunteers.
Recently a swimming club treasurer received an email purporting to be from the club treasurer which read as follows: ‘Hi X, Are you available to prepare a payment of £1,600 today? Please let me know so I can forward you the details Regards [name of chair]’. The email address used by the fake ‘chair’ was ‘presdernt@[name of swimming club].com’. When the club treasurer replied it went to the fraudster who had set up this email fake account. The treasurer replied ‘ Just seen your email X, I can but what’s it for?.’ The reply came from the fraudster as follows:
[name of treasurer],
It for the pool equipment's & kit servicing
This is the payment details
Name : R Brown
Account : 35436368
Let me know when you are done with the payment
[name of chair]
Fortunately, the treasurer spotted that this didn’t read well and checked with the chair who confirmed that he hadn’t sent it and so no funds were transferred to the fraudster. This type of fraud is called CEO fraud and is now common in sports clubs as well as businesses.
In a well-documented and widely reported case Reading-based Laurel Park Football Club had to suspend all planned spending, and the treasurer has resigned, after he was duped into making a series of payments to what he thought were companies undertaking work for the club. He received what looked like a routine email from the chairman asking him to pay £7,000 to a supplier from the club’s Barclays account. He had expected the request as the club, which operates 27 youth teams from playing fields on the edge of the town, was looking to spend money on its facilities. Only after he had made four payments – amounting to in excess of £28,000 into other Barclays accounts – did it emerge that the emails he’d received were false, and had come from a mocked-up lookalike account. You can read more about this here https://www.theguardian.com/money/2017/apr/29/email-scammers-target-youth-football-team-barclays.
We have also received the following information and advice from a Scam Portfolio Manager for a large bank:
The above examples are more commonly known as an "Invoice Fraud" or "CEO Fraud" and are usually aimed at Businesses as a whole, but can also effect non business accounts with a slightly different twist - e..g Those buying a house or having Building work etc.
Please see a link that the bank shares with their customers on this: http://www.actionfraud.police.uk/news/action-fraud-warning-after-serious-rise-in-ceo-fraud-feb16
Invoice Scams: Invoice scams happen when fraudsters send an invoice or bill to a company asking for payment for goods or services. They appear to come from a legitimate supplier, business contact or internal colleague at a legitimate email or postal address.
What’s happening? Businesses are being duped into making a new payment or changing the existing payment details of genuine suppliers on the back of a fraudulent instruction. The fraudster takes on the identity of the genuine supplier or a member of staff, often by compromising email systems or by sending a postal request that appears genuine. They may send a request, for example:
- For the bank account details for an outstanding or future payment to be changed
- From a senior colleague such as a finance director, chair or secretary requesting a new payment instruction
The message will usually insist on urgent payment to avoid further charges or other consequences. The funds are then paid to the fraudster's bank account. The fraud is only discovered when the genuine company sending the invoices chases for non-payment or when the parties meet and the payment is discussed, one of them generally knowing nothing about it. By this time your chances of recovering these funds from the fraudster are minimal.
Warning signs: The contact email address may only include a minor amendment, giving the impression that it is correct or you may receive an email directly from an individual that you have dealt with previously, this email account may have been hacked so look out for unusual grammar or requests to change your usual payment details. If the request comes in postal form on headed paper, look out for minor discrepancies such as a change in font or a change in the usual payment details.
- Always confirm any change of bank account requests with the company or colleague making the change. Remember not to respond to the email address the request has been sent from or use the contact details on the letter requesting the change.
- Consider setting up a designated single point of contact with companies to whom regular payments are made.
- Review any change of account details already acted upon where payment is due at a future date to confirm that the request is genuine.
- For payments over a certain threshold, consider additional checks with the company requesting payment to satisfy yourself that the payment will be sent to the correct bank account and recipient.
- For clubs, review your payment approval processes and the controls you have in place to make sure they’re sufficient to combat this type of fraud, maybe insist on 2 signatories or electronic online banking approvals.
Other good information is available on the Barclays Bank website at https://www.barclays.co.uk/security/financial-scams/ and https://www.barclays.co.uk/business-banking/manage/security/.