This document provides an overview of fraud awareness and prevention strategies for businesses. It discusses common fraud risks such as social engineering, phishing, invoice fraud, and insider threats. It also outlines best practices for preventing data loss and recovering funds after a fraud occurs. Key recommendations include implementing strong authentication procedures, carefully vetting invoices and payment requests, and having plans in place to quickly deal with suspected fraud.

1. Fraud Awareness
Sophie Urquhart
Corporate Services
Oxford, May 2015
Classification: Public

2. Fraud Awareness
1. Introduction
2. Social Engineering & Online Fraud Prevention
3. Cheque Fraud Prevention
4. Invoice Fraud Prevention
5. Insider Fraud Prevention
6. Data Loss Prevention
7. Governance

3. The ‘Business’ of Fraud
Cybercrime is a top
threat to UK national
security.
Information and money
obtained are used for trafficking,
terrorism and illegal trade
26/05/2015 3
International Professional
Organised Effective

4. Social Engineering
Amateurs
attack machines;
Professionals
target people
Bruce Schneier

5. ‘A multi-media message is available to view’
‘Confirmation of your hotel booking is attached’
‘We could not deliver a parcel to you’
‘A complaint has been filed against you’
‘Receipt of Online VAT Submission’
Phishing Hooks

6. 6
Infection via Attachments
• Word / excel document
contains a macro
• The macro calls out to the
fraudster’s website
• If macros are turned on by
default, a Trojan will be
downloaded
• Its recommend that within
MS Office, macros are
disabled by default
.co.uk is a legitimate company.
They are not sending these emails and their systems have not been hacked or compromised.
They have absolutely no control over these bogus messages.

7. Trojans in action (1)
If your browser is infected, the fraudster can divert you to a ‘look-a-like’ site
and harvest your log-in credentials in real time
Security warning
removed or fake

8. Trojans in action (2)
The fraudster keys a payment whilst keeping the customer in a holding pattern on the fake website
Running security check

9. Trojans in action (3)
The fraudster presents a screen stating that a smartcard code is needed to complete log-in.
If this is supplied it will be used to authorise the fraudulent payment
To complete this action you need to authorise the change with your Smartcard and reader
Enter smartcard code to complete
security check and log-in

10. Trojans in action (4)
Bankline is out of service
Do not attempt to log-in for at least
2 hours
The fraudster wants to buy time to withdraw the stolen money
Therefore, they inject a screen message claiming service issues and instructing that no log-in
attempt should be made for a specified period

11. Golden Security Rules: we will…
Never ask for your full PIN & password online:
only 3 random digits from each are needed to log-in
Never ask for your PIN & password or any
smartcard codes over the telephone: beware of imposters
Never ask for smartcard codes to log-in:
these codes are used to authorise payments
We strongly recommend you download specialist security software
Trusteer Rapport: free from www.rbs.co.uk/onlinesecurity

12. Online banking best practices
• Regularly change log-in passwords
• Don’t share log-in credentials
• Keep credentials in a secure place
• Force dual authorisation of payments
• Apply payment limits
• Disable unused functionality and payment
options
• Regularly review user roles and privileges

13. Complement Browser Solution
Specialist Financial
Anti-Virus Software
• Keeps computers clean of Man-
in-the-Browser malware
• Detects new Zero-day threats
• Stops phishing of login credentials
and payment card data
• Notifies fraud teams of threat
activity

14. • Large Corporate Client
• Received a call regarding
incoming payment
• Some information was
provided by caller
• Caller suggested all
payments are frozen
• Requested information
from the client to
‘unfreeze’
A Case Re-enacted

15. 15
Vishing – Remote Control Scam
• Fraudster asks you to log on to
Bankline to run a security check
• They ask you to download
“remote control” software to help
diagnose a problem
• The fraudster now has total
control over your PC
•They ask you to switch off the
screen whilst a “security scan” is
completed
• With the screen switched-off,
the fraudster will key payments
• Finally, smartcard codes are
requested to “restore access”
For the avoidance of doubt, TeamViewer is a legitimate
service, but it is being abused by criminals.

16. Fraudster’s Headquarters?

17. Vishing HQ

18. Social engineering,
phishing & vishing
notes
Vishing HQ

19. It Takes Two to Disconnect
NatWest
?

20. Call Re-Direct
Call re-direct
•Calls are diverted away from the business
•Can be achieved by contacting your telecoms
provider
•Purpose is to get the bank to complete payment ‘call
back’

21. Cheque Management

22. Cheque Fraud

23. Cheque Fraud

24. From: smith henry [smithhenry2004@yahoo.com]
To: <correct address removed>
Subject: Yamaha XV535S Virago
Cotswold Business Park, Witney,
OX29 0YB, Dubai
HELLO.
I Am a dealer in bikes and cars resident in dubai am
interested in your (Yamaha XV535S Virago ) client has
just ordered for this model of (Yamaha XV535S Virago ) i
will want you to give me the price of the ( Yamaha XV535S
Virago ) so that i will instruct my client who is owing me
to effect payment immediately by a cashier check drawn
in united kingdom bank if that is ok by you get back to me
immediately.
Best regards
MR Smith
Overpayment Scam

25. Invoice Fraud and
Mandated Payments
Fraudulent
Supplier
or
Genuine Supplier
External Party
Internal / External
Party Collaborating
Internal Party
Employee
Fraud

26. Invoice Fraud
Supplier
Create
Invoice
Print Post
Lookup
missing
info
Re-key
Archive
invoice
Invoice
authorised /
matched
Open &
key in
Customer / Buyer
Payment
submitted
4. Payments
Invoices are not paid to genuine suppliers’
correct bank accounts
Authorisers of invoice payments do not follow
the agreed approval process
1. Checking
Invoices are not from
genuine suppliers
Bank account details
are not the same as on
file and / or finance
system
2. Processing
Manual processing of
invoices may missing
duplicate invoices
3. Matching
Invoices do not match against goods
received notes or purchase orders

27. Change of Details
• Source contact numbers
independently
• Confirm correct details
• Confirm payment – send £1?
• Review recent and pipeline requests
• Speak to colleagues

28. Invoice Re-direct
Remittance advice: Payment terms are 14 days.
Account Number: 381111. Sort Code: 120555

29. Insider Threat
Insider
Types
Coerced
Traditional
PlantedMalicious
Negligent
Profile, motivation, and opportunities
Regulated
£
Money
Information Sabotage &
disruption

30. Insider Fraud

31. Data Loss Prevention
Key to reducing the risk is to classify all information and treat accordingly
Use labels on documentation – Protectively mark for appropriate
handling, for example:
Public, Internal, Confidential, Secret
• Post – name recipient, deliver by hand
• Printing – who, where
• Storage – clear desk, lock away
• Transmission - encrypt secret and confidential even if internal
• Destruction or disposal – lockable waste bin or shred

32. • Hard copy papers
• Unencrypted emails
• Encrypted emails
• Encrypted web uploads inc.
through social media
Preventing Data Loss
• Removable media inc. by authorised
users
• Mobile devices inc. phone cameras
• Back-up tapes
• Endpoint devices and hard disks inc.
desktop computers
Enforce policies to prevent accidental, malicious or non-malicious data loss
via:

33. Protect Your Identity
• Have post re-directed for a year
after moving
• Regularly review your credit
reference record for searches
done, and for accounts set up in
your name• How do you dispose of paperwork?
• Where is your public footprint?
• Is post delayed?
• Are documents filed away?
• Who should I contact about lost cards
or documents?

34. Governance
Cyber &
Information
Security
Strategy and
Assurance

35. Useful Websites
NatWest Business Banking Fraud and Security Advice Centre
Trusteer Rapport - an extra layer of online security software
Action Fraud: www.actionfraud.police.uk
GetSafeOnline: www.getsafeonline.org
CyberPartnership: www.cyberpartnership.org
Cyberstreetwise: www.cyberstreetwise.com

36. 26/05/2015 36

37. Duties of charity trustees in
relation to fraud
Alison Talbot

38. Charity examples
 Former RHS head of operations pleads guilty to
attempting to steal £700k from the charity (Third Sector 1
May 2015)
 Grant Thornton assistant manager pleads guilty to
embezzling £726k of charity cash (30 April 2015)
 The former chief executive of children's charity Together
4 All pleads guilty to stealing more than £50,000 to spend
on holidays, clothes and gambling. (Civil Society 5 May
2015)
26/05/2015 38

39. Charity examples
 Founder and former chief executive of ShelterBox has
denied charges of attempted theft and fraud after being
accused of trying to steal over 1,000 tents from the
charity (Civil Society 30 March 2015)
26/05/2015 39

40. ???
26/05/2015 40

41. Charity Commission Press Release
Press release 20 May 2015
Commission issues warning about scams
From: The Charity Commission First published:20 May 2015
Part of: Regulatory alerts: Charity Commission and Community and society
Regulator issues alert about a scam that uses a fake charity name to obtain bank information.
The Charity Commission is reminding charities and the public to be vigilant and look out for scams used by fraudsters to obtain bank details.
The commission says that it is aware of a recent scam designed to trick religious foundations in the USA, and possibly this country too. The
foundations were contacted with news that they were due a large gift or donation from an organisation promoted as being a legitimate and
registered charity in the UK, which did not exist.
In this instance, in an attempt to make the scam appear more credible, the fraudster used false documentation showing parts of the
commission’s logo and a forged staff signature. The regulator was contacted by a number of concerned individuals.
Before giving out any information, particularly of a financial nature, to another charity, trustees can take the simple step of looking up the
registered charity number and the charity’s entry on the commission’s online charity search tool.
Trustees who receive correspondence falsely claiming to be from a genuine charity or from the commission should report this to the commission
and to Action Fraud, the UK’s national fraud and internet crime reporting centre. The commission has referred this matter to Action Fraud.
Ends
PR 30/15
26/05/2015 41

42. Why are charities vulnerable?
 Handle cash and fluctuating income
 Reliance on goodwill of supporters and volunteers
 High levels of public trust and confidence
 May have less formal financial controls
26/05/2015 42

43. Impact of fraud on the charity sector
 Fraud is estimated to cost the charity sector in England
and Wales £147 million (National Fraud Authority’s 2013
Annual Fraud indicator)
 1,280 serious incidents were reported to the Charity
Commission in 2013/14 and included fraud valued at
£13.5 million
 Not just financial impact
 Reputational damage
 Cancelled projects
 Detrimental effect on volunteers and supporters
26/05/2015 43

44. The role and responsibilities of charity
trustees
 Charity trustees have a duty to protect the assets of the
charity and ensure that it is solvent, well run and delivers
its charitable purposes for the benefit of the public
 Duty of care to safeguard the charity’s assets and act
prudently
 Appropriate financial controls
 Full financial records
 Respond appropriately if there is a suspected fraud
 Personal liability
44

45. Safeguarding against fraud
 Risk assessment
 Financial controls
 Record keeping
 Anti-fraud policy
 Fraud training and awareness
 Encourage reporting/whistleblowing
 Have a plan for dealing with suspected fraud
45

46. How to deal with suspected fraud
 Report to the trustees
 Decide how the incident will be dealt with and by whom
 Consider seriousness of the fraud and if appropriate
contact the police and/or HMRC
 Take steps to prevent any further breach
 Consider whether the assets can be recovered
 Prepare for media interest
 Serious incident report to the Charity Commission
 Review procedures
26/05/2015 46

47. Further guidance
 Charity Commission Guidance: Internal Financial controls
for Charities (CC8)
 Charity Commission: Compliance toolkit – Protecting
Charities from Harm
 Action Fraud Website:
www.actionfraud.police.uk/charities
26/05/2015 47

48. Any questions?

49. Contact us
Alison Talbot
Partner, Charities Team
01865 254241
alison.talbot@blakemorgan.co.uk
49

50. 26/05/2015 50

51. Recovering Funds after a Fraud
Philip Collins
Senior Associate

52. Fraud: What is it?
• Wrongful or criminal deception intended to result in
financial or personal gain;
• Deliberate deception, trickery or cheating intended to
gain an advantage.
52

53. Fraud: Likely Causes of Action
• Unlawful means conspiracy;
• Knowing receipt;
• Dishonest Assistance;
• Tracing/unjust enrichment;
• Fraudulent trading (insolvency) claims.
53

54. 54

55. The “Burial Rights Deed”
• Ethel is supposedly a party to the Deed.
• Molly to execute the Deed after Ethel’s death?
• The Deed states that Burial Co has already had £1M.
• Burial Co only own 1/3 of the land covered by the Deed.
• Burial Co charge Ethel’s estate for her funeral.
55

56. Burial Co: The Result
• Ethel’s property sold and sale proceeds secured;
• Letter of Claim: September 2014;
• Mr Smith Response Letter: November 2014;
• Burial Co Response Letter: January 2015;
• Mediation: January 2015;
• Circa £1million recovered.
56

57. Claim value Old Issue Fee New Issue Fee
>£10,000 - £15,000 £455 5% of the claim value
>£15,000 - £50,000 £610 5% of the claim value
>£50,000 - £100,000 £910 5% of the claim value
>£100,000 - £150,000 £1,115 5% of the claim value
>£150,000 - £200,000 £1,315 5% of the claim value
>£200,000 - £250,000 £1,515 £10,000
>£250,000 - £300,000 £1,720 £10,000
>£300,000 (or an unlimited amount) £1,920 £10,000
New Court Fees
57

58. 26/05/2015 58