Skip to content

View Navigation

Latest News

You are here: Home > News > Mandate Fraud

Mandate Fraud

Mandate fraud is a type of scam that targets organisations like the NHS by tricking staff into changing bank account details for suppliers, contractors, or employees.

This kind of fraud typically happens when a fraudster pretends to be from a legitimate supplier or service provider. They contact a staff member, often by email, and request that future payments be sent to a new bank account – one that the fraudster controls.

Once the change is made, any payments meant for the genuine supplier are diverted into the fraudster's account. This could involve large sums of money, and by the time the fraud is discovered, the funds are usually gone.

When mandate fraud is successful, the consequences can be severe. The NHS could lose substantial amounts of money, which directly impacts our ability to provide patient care and maintain vital services.

Some of the fraudsters who send mandate fraud emails do an awful lot of research before making an attempt.

They may use social media such as LinkedIn to identify key NHS staff. They can find information on our suppliers via NHS and supplier websites or using press coverage.

They may hijack email accounts used by our staff or suppliers, in order to get hold of invoices, bypass security filters, and to lift logos, branding and email signatures. If they can’t hijack an email account, they will “spoof it” - making an email address which nearly matches the genuine one.

Some tell tale signs of a mandate fraud include:

  • Urgency or pressure - the email might suggest that a change needs making as soon as possible.
  • Email addresses - you might notice that an email address has changed slightly. Please be aware that even if the email has come from the correct account, the fraudster could be using a hijacked email address.
  • Missing contact information - fraudsters who hijack genuine accounts or who have copied email signatures usually remove or replace the real suppliers phone number with their own.
  • Timing - mandate fraudsters are often most active when the NHS is at its busiest, such as the summer holidays, the festive period from November to January, and at the financial year end.

Other useful articles can be found in our Counter Fraud Newsletters on the Publications page.