Vets Update - Fraud

Published: Tuesday 30 June 2015

It is often at this time of year with the longer days that makes properties easier targets for break ins with open windows and doors. We have become aware of an increase in different but no less serious types of crime, with a number of veterinary practices being targeted. 

In some cases, significant sums of money have been unfortunately but successfully transferred into unwanted hands.

Phishing:

No relationship to the more relaxing pastime of fishing!

Phishing is an email scam where fraudsters masquerade as your bank or other trusted organisation to obtain confidential information such as personal information, bank details or passwords. The email will usually link through to a fake website, which looks almost identical to the legitimate one. A message usually suggests that you need to act urgently, for example to prevent your online access from being blocked.

HMRC indicate that will never contact you by email regarding refunds and payments and therefore anything purporting to be an income tax refund or alike and requesting you log in via a link should be deleted immediately. You can always log into your HMRC account in the normal way to check matters.

Unfortunately HMRC do send emails about VAT returns being due so although they say they do not correspond via email, they do, but only for information purposes, never requesting you to click on anything.

To guard against phishing:

  • Watch out for emails that are grammatically poor or that begin with ‘Dear valued customer’ or similar. A genuine bank email will always contain your name.
  • Hover over links within emails to see the true web address.
  • Use a SPAM filter to remove unwanted emails and opt out of marketing emails on websites.

Scam phone call, also known as vishing:

Vishing is similar to phishing but with voice phone calls (hence the “v” in vishing).

Fraudsters use telephone scams to obtain online banking passwords, confidential details or persuade you to move money to a “safe account”. They will tell you there is a problem with your bank account and ask you to call back on an official number, say from your card. By holding the line open until you call back, they convince you that you’ve reached the bank. They may alter the incoming number which appears on your phone’s caller display to one which you know is the genuine number for the Bank.

If you are not absolutely certain that it is your Bank calling you:

  • Call the Bank on a number that you know is correct from a different phone.
  • If this is not possible ensure the phone line is clear first by waiting at least 5 minutes before calling back.
  • Or test the line by calling a friend or colleague first.
  • Remember that the Bank will never ask you to transfer funds to a “safe account” and will never call you to ask you to divulge full passwords, PINs or payment authentication codes.

Malware:

Malware (malicious software) is often hidden in email attachments and free downloads. It can interrupt your web browsing and present you with a fake, but seemingly genuine, screen prompting you to enter passwords and codes which can be captured. This information can be used by fraudsters to access for example your online bank accounts and to make fraudulent payments, but also access other confidential information on your PC.

To guard against malware:

  • Ensure all computers are protected by high quality anti-virus and anti-spy software. Update it regularly and run frequent scans.
  • Only download programmes to your computer from sources you trust.
  • Consider if it possible provide a designated computer that is not used for web browsing, email or other activities that could bring malware onto the system, for processing financial transactions.
  • When you are using your online banking service, if you are asked to enter passwords or verification codes at an unusual stage, log out immediately and call your bank.

Email hacking:

There have been cases of email systems being hacked and emails sending invoices to clients being intercepted and replaced with identical emails and invoices except with different bank payment details. The invoices were then chased by the fraudster for payment using the clients email system.

To guard against email hacking:

  • Change passwords regularly.
  • Do not use easy to guess passwords.
  • Add an extra layer of security. Many email provides are now offering an extra authentication level in addition to username and password. This can take the form of a code generated by a key fob or smartphone app. This is often free and it is worthwhile checking out with your email provider to see what they could offer you.

Mandate fraud:

Fraudsters might send an email or letter which appears to come from the beneficiary of a genuine payment which you make. They ask to change the bank account details to where the payment is sent to and if you do not check the authenticity of the request, the next payment made will go to the fraudsters, not the intended recipient.

To guard against mandate fraud:

  • Review existing processes for sending payments and ensure that there are strong authentication measures in place.
  • Establish a single point of contact with each regular supplier and confirm any requests to change payment details with them on a number you know is correct.

Supplier pretence:

Fraudsters have been known to pretend to be a supplier by copying a supplier’s headed paper and writing to businesses requesting that bank details confirmation for future payments.

To guard against supplier pretence:

  • Double check by speaking personally with the supplier to confirm any such requests are genuine.

Cheque overpayment:

Beware of payments to your practice for significantly more money than you were expecting. Fraudsters may tell you that they have sent too much money to your bank account, asking you to return the additional amount sent in error. If you return the money without realising that that the payment into your account was a fraudulent cheque, you will lose out on those funds when the fraudulent cheque gets returned unpaid.

To guard against such issues:

  • Contact your bank and ask them to investigate the origin of any payment from a new client which is more than you expected.

Further information and advice on all of the above is available at here.

Get Safe Online is a public and private sector partnership, supported by the government and leading organisations in banking, retail, internet security and other sectors. Their website includes tips and advice on protecting both yourself and your practice, including:

  • Protecting your computer and other hardware
  • Smartphones and tablets
  • Online safety and security
  • Shopping, banking and payments
  • Safeguarding children
  • Social networking
  • Information security

Another useful reference on how to avoid being a victim of fraud is Action Fraud.

Return to News
Back to Top