Transact’s new procedures and how to avoid scams

According to the Office of National Statistics and UK Finance, criminals successfully steal approximately £1.2 billion through fraudulent activities every year. However, the National Crime Agency estimates that fewer than 20% of frauds are actually reported, so the true figure may be much higher.

In our experience, no individual or financial institution is immune to fraudsters and criminals. The two cases below highlight that fraudsters target firms as well as individuals.

We feel it is important to make you aware of these cases to ensure that your clients do not fall victim to such scams.

Cyber attack

We received ten emails, supposedly from a pension provider, that contained a link to a virus (firewalls and anti-virus software are unable to detect what is behind a link within an email.) No recipient of the email clicked on any of the suspicious links and our IT team blocked the sender.

Hacked client email and fraudulent bank details

In June 2020 a client’s personal email was hacked by a fraudster. The fraudster worked out that when the client deposited money into their Transact portfolio, they sent this to a Transact bank account. With this knowledge the fraudster then sent an email to the client claiming we had recently changed our bank account and supplied the client with fraudulent details. The client tried to make a deposit to the fraudulent account but the bank alerted the client when the account name and number did not match. The client then contacted the adviser and we were informed.

To avoid scams like these, please ensure that you:

  • Check email trails. Fraudsters tend to use old emails and change the subject in order to obtain information.

  • Check your sent items and folders for any suspicious or hidden correspondence.

  • Always check the email address. Fraudsters will often set up fake accounts with very similar email addresses.

  • Be cautious of any links or documents sent to you via email.

  • Ensure you have the correct internet protection such as firewalls and anti-virus protection.

  • Do not share passwords and do not use the same password across multiple accounts.

How to prevent criminal activity

Fraudsters are constantly evolving and developing new methods to circumvent anti-fraud controls and defraud clients. It is therefore important that you, as the adviser, and us at Transact continually review and establish controls in order to keep clients’ money safe and understand how to identify potential fraudulent requests.

Red flags and indicators of potential fraud are:

  • Urgent and time-critical payment requests.

  • Numerous requests received at once. Particularly change of bank details and withdrawals.

  • Unsolicited or unexpected withdrawal requests.

  • Unsolicited requests via emails or phone numbers not associated with the client.

  • The method of communication. Fraudsters will tend to use emails and claim they cannot be contacted by phone.

  • Reticence to supply supplementary documents such as bank verification.

What we have changed

  • We no longer accept bank statements as a method to verify bank accounts.

  • We may now call you when a change of bank account and withdrawal instruction are received together.

  • We may ask additional security questions when receiving calls from clients.

Your responsibilities

It’s important to remember that you have the direct relationship with your clients. As the adviser you are often best placed to identify fraud. Questions to consider are:

  • Is the request in line with the client’s investment goals?

  • Has the client previously mentioned or indicated to you they would be sending in the request received?

  • Have you verbally spoken to your client? Be wary of email-only communications.

  • Do the documents received appear to be genuine?

You should also:

  • Certify documents correctly, and only when you have seen the original.

  • Confirm and ensure that instructions are genuine.

Handling voided cheques

It’s therefore important you look out for issues and raise concerns prior to submitting cheques for bank verification. We have listed some simple checks which you should consider before accepting and uploading a voided cheque for bank account verification purposes. You should:

  1. Check the paper quality. Cheques are usually printed on thick, sturdy stock paper. Cheques with a perforated edge are more likely to be authentic.

  2. Ensure that the name, logo and address match that of the bank.

  3. Check the Magnetic Ink Character Recognition (MICR) code matches the cheque number (MICR is the long number at the bottom of the cheque).

  4. Look out for misspelled words or amendments on the cheque.

  5. Turn the cheque over to see if the original cheque has been printed over or amended.

  6. Look for any irregular formatting or font. Cheques are printed to a high standard by accredited printers, so any irregularities may mean the cheque is counterfeit.

To find out more about this or any of our platform features, please call sales support on 020 7608 5350.