Surely with anything like this you would double check? Laziness has its costs.
A Scottish local authority lost £102,000 to an African gang after being duped by a targeted letter scam. The letter, received at the end of July, purported to come from one of South Lanarkshire Council's legitimate suppliers, and requested that payments be made into a different account. The finance department complied, …
Against my better judgement, but giving the idiot the benefit of the doubt for a moment, actually, more probably idiots as I doubt a single signature would be enough to allow a change like this.
Knowing the job creation schemes employed by local authorities to keep friends and family employed, this change probably went through at least three people. The paperwork must have looked kosher.
Ah yes, so now we're in the territory of .. honest, this was the work of some random Nigerian scammers, randomly targeting us no doubt through the auspices of some powerful local bokor back in the home country, who just happen to
i. know the normal procedure and forms employed by a company to change bank account payment details apropos this council.
ii, knew that the company was to about be paid.
amazing the level of detail that can be found out by the rolling of the bones.,
(or, in the case of a certain south London council, the pilfering and machinations of the contracted-out cleaning staff, mostly Nigerians, who were acting under orders of outside handlers to remove certain forms, which were then filled in by the handlers, the cleaners then placed the forms back in the appropriate trays and lo!, magic!. Money started flowing from council X, through various fronts, back to Nigeria.
Admittedly this was over 15 years ago, but surely no council would still be dumb enough to leave important documentation lying around on desks where 'poor ignorant' cleaning and security staff would have full access to them after hours, when there isn't anyone else looking? - shouldn't just castigate councils for this, how well do you thing any organisation vets their cleaners? care to hear the story about the cleaner at a Uni physics department who had a degree in, umm, physics, from an Indian uni that his employers didn't know about, espionage you say?, surely not, surely just a poor economic migrant doing his best to make a living..)
To quote from one of Pterry's books "'I'm a little man and I carry a broom', said Lu-Tze simply, 'Everyone has some mess that needs clearing up. What harm is a man with a broom?'.
involving in Council Employee’s expenses I'm surprised they noticed the money missing.
This can't be the first time this happened... just the first time somebody has had the balls to admit it.
EPIC Fail with our money but rest assured nobody senior will lose their job over this.
100K = 10 lowly paid council workers or one executive. Who do you think will lose their job because of this incompetence?
get a grip. 120k isn't even a rounding error for south lanarkshire council. their annual budget is 1billion. they could recoup that by taking 60p a week off the wages of their employees. or 10 quid a week off the tossers who were involved in the paperwork for the dodgy change of bank details.
For all those spouting along the lines of "stupid council employees not checking" ...
It is fairly routine for suppliers to send communications to customers along the lines of "our BACS details are ..." so that the customer can pay directly into their bank account. In fact, it is expected in business these days.
It's not unknown, though not that common either, for businesses to change banks - in which case they'll send out a letter to their customers advising that "as of <date>, our new bank details for BACS payments are ...". It sound suspiciously from this story that the fraudsters have managed to fake a letter from a council supplier along the above lines - then come the next payment run, the money goes to them instead of the supplier. It would not generally raise any alarms, it's just a matter of changing a couple of numbers in the accounts package.
I nearly wrote that it's a clever attack, but to be honest, my only surprise is that it's taken so long to happen. All it needs is the knowledge of a supplier and a sample of their letterhead. Finding details of council suppliers is unlikely to be hard - after all, many of them will be driving around doing public work with their name on the side of the van !
The only difficult bit of this scam is having a recipient bank account. This needs to be a UK bank or it will raise questions, and that means having identification in order to open it. In practice, this probably involves the use of an intermediary account owned by someone who fell for a phishing attack - money goes into their account, gets transferred out of the country (possibly through other compromised accounts) and the trail gets harder to follow.
That may be so, but how difficult is it to simply call the number you *already have* for the supplier to confirm the change? Security 101: accept *nothing* unless you can verify it.
Any post/contact from my bank which involves any changes results in me phoning them to confirm it. This, I'd expect, to be pretty standard practice.
Not having such simple common sense is pretty inexcusable for someone who has a few quid in the bank, not for something involving this amount of money. But, I guess since no-one's going to get blamed it doesn't matter to them...
This post has been deleted by its author
What's it with the assumption that they are lads from Lagos? Is the Register now run by the same management team as the Daily Mail?
I suppose it is more accepting for the colour-minded simpletons to make the assumption that this was done by some Nigerians rather than to try and attach it to the worst fraudsters int he world (Americans). Nothing in the story to suggest that this was mastaerminded by anyone from Lagos. How would Lagos boys have the bank details without inside complicity anyway.
The totality of fraud committed by "the boys from Lagos" is a tiny miniscule compared to what gets done by our bankers and politicians...or even the like of MADoff.
http://www.hamiltonadvertiser.co.uk/news/local-news/hamilton-news/2010/09/23/council-scammed-out-of-102k-by-west-african-gang-51525-27322764/ is even more definite. It wasn't even Nigerian scammers in the UK.
“We are not sure who did this but it has been carried out and professionally done by a gang in an African country."
I don't believe it. Nigeria doesn't have a monopoly on scamming.
And other councils have fallen for the same scam too. Possibly the impersonated supplier deals with several local authorities..
Now the council are in a good position to save money by SACKING the idiot(s) who blindly let this pass through. Yes, sack someone in a public job. Unheard of! Yes, but now it's time to get tough with people who would be thrown out of a private company if they had made the same mistakes there.
it is quite common for the crooked minded to send likely-looking but bogus invoices to companies. Enough get paid to make it worth risking.
I know a guy who invoiced a certain cable tv company for time spent waiting on their customer 'help' line. They paid it.
Never had the balls to do it myself though
As the lede says " A Scottish local authority lost £102,000 to an African gang after being duped by a targeted letter scam." That IS NOT a 419 scam. 419 is "advance fee fraud", where victims are suckered into paying a fee in order to gain some reward.
"419er" is not a shorthand for "Nigerian fraudster". It refers to a specific kind of fraud. This was a quite different one that preyed simply on the victims' credulity, not appealing to their greed.
I think you will find that North Lanarkshire is a Labour controlled local authority with a sizable majority. One of the very few left in Scotland.
Not that there is anything wrong with it. Better than the SNP, who would be too pre-occupied with trying to rename the council with a gaelic name.
Bulk mail a large bunch of firms saying they owe for some bit of kit or service.
Rely on *some* of them have purchase ledger staff who will rubber stamp the payment *provided* its below a certain level.
Last one of these I heard about was about £13m before the Lloyds (IIRC) account was frozen.
Needs experience, a good letter and a great mailing list to be successful, but "clever". No.
Biting the hand that feeds IT © 1998–2020