It has recently been brought to our attention that fraudsters have been using Trojan viruses/malware to obtain remote access to personal computers and to record the login and password information used to access accounting/payroll systems and other applications.

In an accounting/payroll system, they then edit existing beneficiary details, changing them to their own bank details, to obtain funds illegally. One of the ways this is done is as follows:

  • The fraudster waits for the PC user to do a supplier/salary payment run in their accounting/payroll system to pay legitimate invoices or salaries/wages.
  • The fraudster then substitutes the supplier/employee bank account number and sort code that’s been set up for legitimate payments with their own bank details.
  • The payment file is created in the accounts package, now using the changed account details for the beneficiaries.
  • The user imports the file into their banking software, usually only checking the file total rather than checking the beneficiary account information.
  • The user’s banking software then makes the payments using the changed account details, and the money is transferred to the fraudster’s bank account.

Please note: Electronic payments in the UK are made based on sort code and account number only. Any account name given is not routinely checked as part of the automated payment process. This is the same for all UK banks, and it is the responsibility of the remitter to ensure that the account details being used are correct by conducting independent verification.
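As an added example (not part of the original advisory or of any accounting or banking product), the following Python sketch shows the independent check described above: every sort code and account number in the payment file is compared against a separately held register of verified details before the file is imported into the banking software. The CSV layout, column names, beneficiary references and all account data are constructed assumptions.

```python
import csv
import io
from decimal import Decimal

# Constructed sample data (not real accounts). The register is assumed to be
# maintained outside the accounting/payroll system, with each entry confirmed
# independently (for example by phoning the supplier on a known number).
VERIFIED_REGISTER = {
    "SUP001": ("20-00-00", "12345678"),
    "SUP002": ("30-00-00", "87654321"),
    "EMP014": ("40-00-00", "11223344"),
}

# Constructed payment file as exported by the accounts package (hypothetical layout).
PAYMENT_FILE = """ref,name,sort_code,account_number,amount
SUP001,Acme Supplies Ltd,20-00-00,12345678,1500.00
SUP002,Brightway Ltd,11-22-33,99990000,2300.50
EMP014,J Smith,40 00 00,11223344,1800.00
SUP009,New Vendor Ltd,50-00-00,55556666,400.00
"""

def normalise(value):
    """Keep digits only so '20-00-00', '20 00 00' and '200000' compare equal."""
    return "".join(ch for ch in value if ch.isdigit())

def check_payment_file(file_text, register):
    """Return (ref, reason) for every row whose bank details are not verified."""
    findings = []
    for row in csv.DictReader(io.StringIO(file_text)):
        ref = row["ref"].strip()
        if ref not in register:
            findings.append((ref, "beneficiary not in verified register"))
            continue
        expected = tuple(normalise(v) for v in register[ref])
        actual = (normalise(row["sort_code"]), normalise(row["account_number"]))
        # The account name is deliberately ignored: payment is routed on
        # sort code and account number only.
        if actual != expected:
            findings.append((ref, "sort code/account number differs from verified details"))
    return findings

def file_total(file_text):
    """The figure users typically check; a bank-detail swap leaves it unchanged."""
    return sum(Decimal(r["amount"]) for r in csv.DictReader(io.StringIO(file_text)))

if __name__ == "__main__":
    print("File total:", file_total(PAYMENT_FILE))
    for ref, reason in check_payment_file(PAYMENT_FILE, VERIFIED_REGISTER):
        print(f"HOLD {ref}: {reason}")
```

The register only helps if it is stored and updated somewhere the compromised PC cannot edit, otherwise the same substitution can be made in both places.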

If you are concerned in any way or would like to discuss the security controls you have in place, please call us on 01707 607100 or email us at contactus@minervauk.com.