Wirral Council reveals how fraudsters conned them out of £45k
Published yesterday as part of the agenda for Wirral Council’s Audit and Risk Management Committee meeting on the 25th November was the report into how fraudsters managed to con Wirral out of £45,683.86 and £95.60 meant for one of Wirral’s care homes.
As the care home had to then be paid, this con cost the Wirral taxpayer £45,779.46. The report goes into detail stating that other local authorities have fallen victim to this particular type of fraud and lost far larger amounts as a result.
The report details that the investigation started when the manager of a care home telephoned Wirral Council on the 23rd August querying why they hadn’t been paid as expected the previous week. Wirral Council confirmed that a payment had been made by bank transfer on the 13th August and that they’d received a request to change the bank details of the payee a few weeks earlier. The manager of the care home informed Wirral Council that they hadn’t made a request to change bank details, so the matter was referred to Wirral Council’s Internal Audit team.
The audit team contacted the bank that the fraudulent payment had been made to and were informed that once the money had cleared on the 16th August that it had been moved to another account. A replacement payment was made to the care home.
On investigation Internal Audit found that a request to change bank details had been made via email in July 2013. This email had been sent to the Wirral Council email address that Wirral Council’s Accounts Payable team request that their suppliers use. The email address used (although an email address can be easily forged) matched the information held on Wirral Council’s records and contained details of the payment the previous month to the care home.
Wirral Council’s procedures require staff to phone the supplier to check such a request is genuine. However as the email address matched and details of the payment the previous month was included this phone call was never made as it was assumed (wrongly) that the request was genuine.
The change was then checked by a supervising officer and the change to the bank details were made on Wirral Council’s Oracle system.
The fraud was reported to Merseyside Police on the 23rd August 2013 and Internal Audit were able to provide the name, account holder and address for both the account that the money was initially transferred to and the second account it was transferred to after the payment had cleared. This information was also passed to Action Fraud, who passed it onto the Metropolitan Police.
The Metropolitan Police contacted Internal Audit on the 5th November 2013 who confirmed that they are “actively pursuing” it. Internal Audit provided the Metropolitan Police with a statement detailing what happened.
A report was also prepared for senior management detailing ten recommendations which “stress the importance of following documented procedures in respect of changes to any account details”. These recommendations are also included in the monthly Internal Audit Activity Summary report which will also be discussed at the next Audit and Risk Management Committee.
Four days later the Wirral Globe wrote about this story too.
If you click on any of these buttons below, you’ll be doing me a favour by sharing this article with other people. Thanks: