There appears to be a flourishing industry of ever more complex and sophisticated scams that are designed to divert our hard earned money from our bank account into the wrong hands.

Even within our own client base we have seen a frightening increase in the number of clients that have fallen foul of these scammers. Often, because of the complex nature of the scams, and due to the clients’ own inadvertent involvement, the clients have had no way of recouping their funds.


We all believe that the systems and internal controls we have in place will protect us. However, the clients who suffer these scams often do have strong internal controls and the recent experiences have shown that everyone is vulnerable if the fraudster(s) catch you at the wrong time, on the wrong day, with the right information.

The good news is that we believe there are two golden rules to follow that will significantly reduce the risk of you or your business being the next one to lose out.


No matter what, always ensure that when anyone is contacted in relation to the business bank account, that they understand who initiated the phone call.

This is particularly important when phone calls/messages get passed on within the business. It should always be made clear whether the business has contacted the individual/perceived bank or whether the call came into the business.

If the phone call was an incoming call at no point should any information be discussed or any actions initiated in relation to logging on to the business banking system.

It is vitally important that the telephone number given as a return contact number and/or any website verification/sites provided should not be used or relied upon. It is important that a trusted number exists within the organisation for the actual bank, so that it can be used to verify the relevant person.

We cannot emphasise enough how important it is that any action involving the business bank account, only gets undertaken once the steps are retraced through a trusted number /actual contact, at the bank.

You would be surprised how many of the current scams would have been avoided if this golden rule had been applied.


This is mainly for people who have access to internet banking but it is equally important.

No “new payee” should be set up on the system or existing bank details changed for a current payee, without face to face contact or a phone conversation with a trusted individual to confirm that the new bank details are correct and valid.

Many of the current scams would have been avoided by following this second golden rule.

Neither of the above will strike you as particularly difficult or onerous, and you may feel these are both solid internal controls within your own business already. However, we finish by pointing out this is not something you can implement once and assume that everybody obeys these rules on a day to day basis. These should be regularly communicated for the benefit of all new staff and to remind existing staff, so that the risk of succumbing to one of the ever more sophisticated scams is significantly reduced or eliminated.

We hope you find this article interesting and we urge you to action/review the 2 golden rules in your organisation (and your personal life) to prevent any more people falling victim to the growing army of crooks.

Charnwood Accountants & Business Advisors LLP