Be Aware of Fraudsters

In at least two recent cases, parishes in this Diocese have lost money when they were sent fraudulent emails that appeared to come from trusted sources asking for bills to be paid.

The Diocese has asked that Treasurers be aware and follow the advice below:

• Paying bills by bank transfer is a vulnerability. We strongly advise parishes to have a system of dual authorisation in place for ALL electronic payments so that one person sets the payment up, sends details of the payment with backing documentation to the authoriser and they authorise the payment.
• For ease of authorisation it is good practice to do a weekly or monthly payment run. File all backing invoices/ documents.
• Make sure all cheque payments have dual signatures.
• The Treasurer should check the bank account at least weekly so that "strange" transactions are identified quickly. Regular bank reconciliations should be done.
• Remember, your bank will never ask you by email or telephone to transfer money to another account for safety.
• Remember, the person or organisation showing on your ‘phone may not be who is actually calling you. 'Caller ID spoofing' is the practice of causing the telephone network to show a call is from a number other than the true originating number.
• If you have any doubts about someone who claims they are contacting you from your bank, pause and contact your bank on a trusted number, from a different telephone number, to check before taking any action. A legitimate caller/ emailer will be happy for you to do this.
• If a payment request appears out of the ordinary, even if from a fellow parishioner, ‘phone them or speak to them to check – remember, emails can be hacked.
• If a payee specifies a new bank account, 'phone the payee to verify – do not just do it on the strength of an email.

The advice comes after a PCC Treasurer received emails from a fraudster who had hacked a fellow PCC officer’s email account. The emails requested urgent payment of fees to a bank account. The payment was made, but to the fraudster’s account.

In a second incident, a PCC Treasurer was led to believe that they were speaking to their Bank’s fraud officer, who persuaded them to transfer funds into another account for safety because of suspicious activity around the PCC’s account. It sounded particularly believable because the supposed officer even pretended to set up an appointment for them to meet at the Bank.

The Diocesan Accounts Department will arrange a training session on avoiding financial fraud. We shall let you have details as soon as these can be confirmed.

Download the PDF here.