'People like Stacey are the first line of defence against fraud and scams'
It’s always good to be appreciated by your employer. So imagine, then, the delight of a worker at National Australia Bank whose human interaction skills have been praised by her HR managers for thwarting a $6m fraud.
Melbourne-based bank NAB said a Relationship Associate, named only as Stacey, followed her instinct when a transaction didn’t feel quite right. Stacey was asked by an established customer to transfer the sizeable sum to an international account, as part of a capital raising round.
“Everything seemed pretty normal,” said Stacey, who works for the bank’s NAB Private division. “It was pretty consistent with other transfers he’s made in the past and was to a regular recipient.”
As a precautionary measure, she called him to confirm that the details were correct. “He asked me to pick this up with his accountant as he was about to catch a flight,” Stacey explained. “So I spoke to his accountant to double check he wanted this to go into a Singaporean account. I asked the accountant to call the supplier, the end recipient of the funds, to make sure this was what they wanted as there would be international fees.”
While Stacey awaited confirmation from the accountant, she read through some of the previous emails between the customer and the recipient and noticed a few changes throughout the email chain. “I first noticed the word ‘group’ misspelt as ‘gruop’ and the tone in some of the greetings was slightly different,” she remembered. “I could also see the account had changed to an overseas account and the date of the payment had been brought forward, so there were a few red flags jumping out at me.” She added: “I called the accountant right away to make sure they didn’t process any payments to this account.”
Stacey’s intuition and quick action saved the customer and the supplier from a $6m transfer to a criminal, impressing her proud bosses.
“Human interaction in this case saved the customer a considerable amount of money,” said Chris Sheehan, Executive, Group Investigations and Fraud. “People like Stacey are the first line of defence against fraud and scams. The supplier’s emails had been hacked by a criminal who then impersonated employees from the organisation. They changed the banking details on invoices in the hope of receiving the funds.”
This type of scam is known as business email compromise when an organisation’s email account is taken over by criminals to conduct fraudulent activities such as sending fake invoices, requesting updates to bank account details, or intercepting and altering inbound payment details. NAB says these scams are increasing.
“Criminals gain access to email accounts by sending a phishing email which appears to come from a trusted organisation or contact,” Chris warned. “This email might request the recipient’s email account username and password, or ask them to click on a link which downloads malicious software onto their device.
“If you see something that doesn’t look right, investigate it further before you action the request. Customers should verbally confirm all requests to new accounts using publicly available phone numbers to do this.”
He continued: “Often the email has been sent from a trusted contact who has had their own email account compromised. Once money is sent in a business email compromise event, it often can’t be recovered, despite NAB’s best efforts. This means the business or person who sent the transfer can be left significantly out of pocket.”