A TIAA client has been targeted by fraudsters in an attempted mandate fraud.

The fraudsters have purported to be from Leda Orthopaedics, a supplier used across the health sector, and the fraudulent email advises that confirmation has been received from their account receiver department that their ‘usual bank account is going through a yearly tax audit process and cannot receive any payment for now.’ The email then requests that all payments are sent to their updated banking detail. They request confirmation of receipt of the message and to forward the new banking information to their Finance Department.

Note: the correct email domain for Leda Orthopaedics is @ledaortho.com; however, the fraudulent emails have been received from the domain @ledoartho.com. It is possible that other variations could also be used.

These fraudulent email addresses often contain a small change in detail that is difficult to spot. The email content may seem genuine, with the name of the sender known to the organisation and a genuine email signature used.

What is Mandate Fraud?
  • Mandate fraud is commonly described as ‘change of bank account scams’, ‘payment diversion fraud’ or ‘supplier account takeover fraud’. Mandate fraud usually occurs when a fraudster gets an organisation to change a direct debit, standing order, or bank transfer mandate, by purporting to be from a genuine supplier that regular payments are made to.
  • If the health body accepts the fraudulent request, the payments are then diverted into the criminal’s bank account. The genuine supplier details are usually obtained from a range of sources including corrupt staff, publicly announced contracts, and online logs of supplier contracts.
Mandate Fraud Prevention Advice

When contacting a supplier this should be done using the supplier’s contact details found in existing records held by the health body and not from information supplied in a change request.

If there should be a need to amend bank account details, suppliers should be sent a bank account amendment form for their finance director or company secretary to sign, confirming the change of bank account details. Information provided on the amendment form should be checked against the health body’s existing records before any change is made.

A senior member of the finance team should always review any change of bank account details and formally authorise this.

For more fraud and bribery information, please contact Melanie Alflatt, Director – Operations via fraud@tiaa.co.uk.