A new financial scam – are you affected?

Laptop keyboard with warning triangle.

Here’s a crazy little story that most businesses have missed.

A couple of months ago, HMRC sent out an alert…

It reminded businesses that there were two ways to change your VAT details with HMRC: Either via an online account, or using a paper form (VAT 484).

Apparently, fraudsters had been using the paper form to change the banking details of certain companies, redirecting any VAT repayments to their own account rather than to the business.

HMRC has asked businesses to verify any changes made to their details since January 2024.

It’s a clever little scam, isn’t it? Using HMRC’s own paperwork to steal from unsuspecting companies.

For businesses like yours, there are several lessons…

First, before anything else, take HMRC’s advice and double-check that your name and bank details are correct on their system. It probably hasn’t affected you, but better safe than sorry.

Second, to me this highlights, yet again, the importance of proper systems and processes in your finance department.

There is nothing you can do to stop fraudsters amending your details with HMRC, but how about your own suppliers, whose details you keep on your own systems? What processes do you have in place to ensure that their information is safe on your platforms?

The danger of their details being compromised is higher than you think…

For example, before they worked with us, one of our clients lost £18,000 when a (now former) staff member entered into a conversation with a trusted supplier over email.

At the end of the exchange, the supplier casually mentioned that their bank details had changed, and sent over the “new” information, which the team member duly updated.

It later emerged that the email account had been hacked, and that the supplier he thought he knew was in fact a conman. This fraudster had spent time reading previous correspondence between the two and got the tone of the conversation exactly right, making it easy to fool the employee into amending the bank details. And the person whose email he had hacked into never noticed.

The increasing sophistication of these scams means that you have to be more vigilant than ever before about protecting yourself, your company and your people.

The cost of getting this wrong is not just financial – which is painful enough – but reputational as well. If your other suppliers and clients know that their details are not safe with you, they won’t work with you.

Heightened awareness isn’t enough. At Insight Associates, for example, we have very strict protocols dictating when and how the details of any of our clients or suppliers can be changed on our system.

The first person will go through a series of steps, including contacting the client or supplier independently to confirm the change is real and necessary and get verbal confirmation that the bank details are correct. A second signatory checks and verifies the bank details match the paperwork and that the verbal verification process has been followed.

These processes do not just protect against fraud, they also help protect against innocent mistakes.  We have similar processes for processing invoices and payments.

They are critical to any grown-up, professionally-run finance function – and de rigueur in any corporate environment. They need to be standard in yours, too.

If that’s the kind of financial management you need, please get in touch with me today.

Then hit ‘reply’ to this blog or call us on 01279 647 447 to discuss how we might be able to work together.



Get our weekly blog posts

In this blog archive our Managing Director, Garry Mumford simplifies all things financial and shares with us a lifetime of practical financial business advice.


Invest in your business today

Ready to step up, invest in your business and reap the benefits?

Get our blog posts directly to your inbox

"*" indicates required fields

Update Frequency
This field is for validation purposes and should be left unchanged.