Be vigilant – Cyber fraudIt has recently been brought to our attention that fraudsters have been using Trojan viruses/malware to obtain remote access to personal computers and to record the login and password information used to access accounting/payroll systems and other applications. In an accounting/payroll system, they then edit existing beneficiary details, changing them to their own bank details, to obtain funds illegally. One of the ways this is done is as follows:
- The fraudster waits for the PC user to do a supplier/salary payment run in their accounting/payroll system to pay legitimate invoices or salaries/wages.
- The fraudster then substitutes the supplier/employee bank account number and sort code that’s been set up for legitimate payments with their own bank details.
- The payment file is created in the accounts package, now using the changed account details for the beneficiaries.
- The user imports the file into their banking software, usually only checking the file total rather than checking the beneficiary account information.
- The user’s banking software then makes the payments using the changed account details, and the money is transferred to the fraudster’s bank account.