KEEPING YOU SAFE FROM FRAUD.

At TMA our aim is to help keep our Directly Authorised members and their customers safe. To support this, we have collated a number of useful tools and information on the latest types of financial fraud or scams to help prevent you from falling victim to Fraud.

Some of these items can be shared on your own website to help raise awareness with your customers.

Fraud is often viewed as a victimless crime. So, does it matter if you see an exaggerated earnings figure on an application and did nothing about it? It does matter. For example, we pay for banking fraud through higher bank charges. We pay for insurance fraud through higher premiums on our policies.  The list of examples throughout firms regulated by the FCA goes on. Directly or indirectly fraud costs millions of pounds a year.

Fraud can be described as a deception deliberately practiced in order to secure an unfair or an unlawful gain, or to cause a loss to another party.

“Since the start of the pandemic we have seen an increase in fraud prevention cases, of which a significant proportion highlighted concerns regarding Bounce Back Loans or COVID-19 related Grants.”

TYPES OF FRAUD YOU MAY COME ACROSS IN YOUR ROLE AS AN ADVISER...

MORTGAGE FRAUD

Identity fraud or ‘ID theft’

CYBER FRAUD

INSURANCE FRAUD

Bank statements showing salary credits by faster payment

BTL mortgages for residential purposes

Data manipulation

False payslips and bank statements

There are three principle fraud offences.

Making a false representation

A representation is false if the person making it knows that it is untrue or misleading.  It can be express (stated in writing, spoken or online) or implied (communicated by behaviour).  For example, saying you earn £50,000 per annum, when you actually earn £30,000 per annum.

Failing to disclose information

This involves knowingly failing to disclose information, where there is a legal duty to disclose it.  For example failing to disclose that you are unemployed (having just been made redundant) when asked to declare your current employment, when applying for a loan.

Abusing a position of trust

Abusing a position of trust can involve failing to do something, as well as taking a particular course of action.  Collecting lender fees on behalf of a lender but diverting the payments into a personal bank account instead.

Helping you to spot mortgage fraud

  • Get you know your customer closely and carry out robust identity checks – this can be using due diligence forms and checklists
  • Get to know your introducer
  • Read Anti-bribery & Corruption policies and procedures
  • Have a robust recruitment process in place for all new and training advisers
  • Enhanced due diligence checks for higher risk cases, such as:
    • Non face-to-face meetings
    • High value loans
    • Internet or online referrals
  • Check the transparency of the transaction – think – does it look right?
  • Where is the deposit coming from? Does it look like legitimate? If not, there is no harm in doing extra checks
  • Sense check employment – is there a clear employment policy and correct tax bills etc.
  • Do bank statements confirm lifestyle and employment?
  • Sense check the transaction and property – Does it suit the customer’s needs and lifestyle?

The challenge for advisers is the quality of such false documentation which constantly improves. This means that increasingly wider due diligence checks are needed to assess the overall plausibility of any given scenario in order to detect a fraud. So, what should advisers should look out for?

  • Be wary of new employments or clients working in a family business
  • Analyse bank statements closely to confirm that salary credits match the income noted in the payslips
  • Consider requesting the last P60 for employed clients
  • If appropriate request older payslips and statements, not just the last three months
  • Consider telephoning the employer to confirm employment
  • Check the employer website – is the client mentioned in any “meet the team” section
  • Use an on-line tax calculator to check that income tax has been deducted at the correct rate
  • Check supplied documentation for outgoings and other income sources – such as child benefit, working tax credits etc. and satisfy yourself that it is appropriate for the client to receive these based on other information supplied
  • Look for errors in income documents or changes in format
  • Review Companies House data for self-employed clients (where possible) to check when a company was incorporated, who is connected to it and so on

Reporting mortgage fraud

To report mortgage fraud contact your Principal, Company, Network, or your support service provider. they can assist you with next steps.

You can also report a fraud incident on the FCA website or on the Action Fraud website or by calling 0300 123 2040.

TMA FRAUD UPDATES...

PHISHING ALERt – FCA FIRM DETAILS CONFIRMATION

There have been several reports of recent phishing attacks who have been sending out fake emails impersonating the FCA, requesting completion of firms’ details in accordance with the FCA handbook SUP 16.10.4R.

Click here for various steps you can take to stay safe.

Information security – ‘Log4j’ vulnerability

You may have seen in the news recently about the ‘Log4j’ vulnerability that has been discovered and announced around the globe.

The vulnerability is serious because exploiting it could allow hackers to control java-based web servers and launch ‘remote code execution’ (RCE) attacks.

Phishing Alert – malicious e-mail receipt

We have been made aware of a malicious e-mail going around claiming to be from Bespoke Financial (North West), a firm which has no links to TMA, this is a phishing e-mail and should be discarded.

To view the additional correspondence as well as some tips on how to avoid phishing in the latest Fraud update.

Phishing Alert – digital coronavirus passports

Action Fraud have recently issued an alert after receiving high number of reports of a circulating scam email regarding ‘digital coronavirus passports’.

To view the additional correspondence as well as some tips on how to avoid phishing in the latest Fraud update.

Social Engineering via Social Media

Social engineering is a type of cybercrime that involves manipulating someone into taking a specific action or divulging confidential or personal information.

Find out how you can take appropriate measures to make it harder for cyber criminals to target you, in the latest Fraud update.

USEFUL INFOGRAPHICS...

Download these useful Infographics from the National Cyber Security Centre.

You can use them within your own business, to ensure you as advisers are aware. There are many more available on their website here.

USEFUL TOOLS TO HELP YOU FIGHT FRAUD...

FREE CYBERCRIME PREVENTION VIST NOW

ACTION FRAUD WEBSITE VIST NOW

UK FINANCE FRAUD FACTS VIST NOW

TAKE FIVE WEBSITE VISIT NOW

TAKE FIVE TOOLS & DOWNLOADS VIST NOW

TAKE FIVE LATEST NEWS VIST NOW

NATIONAL CYBER SECURITY CENTRE VIST NOW

FINANCIAL CRIME AWARENESS POSTERS VIST NOW

TWO-FACTOR AUTHENTICATION (2FA)...

Guidance from the National Cyber Security Centre.

2FA provides a way of ‘double checking’ that you really are the person you are claiming to be when you’re using online services, such as banking, email, or social media. It is available on most of the major online services. Passwords can be stolen by cyber criminals, potentially giving them access to your online accounts. However, accounts that have been set up to use 2FA will require an extra check, so even if a criminal knows your password, they won’t be able to access your accounts.

The NCSC recommends that you set up 2FA on your ‘important’ accounts; these will typically be the ‘high value’ accounts that protect things that you really care about, and would cause the most harm to you if the passwords to access these accounts were stolen.

When setting up 2FA, the service will ask you to provide a ‘second factor’, which is something that you (and only you) can access. This could be a code that’s sent to you by text message, or that’s created by an app.

What are the different ‘types’ of 2FA?

When 2FA is switched on, you’ll be asked to provide a second factor in order to access your account. There are several types of second factor available:

  • Text messages. Most services tend to offer 2FA over text message by default. During setup, you provide your phone number, and the service will send you a message containing the code to use. Text messages are not the most secure type of 2FA, but still offer a huge advantage over not using any 2FA.
  • Authenticator Apps on your smart phone (or tablet) are the main alternative to text messages. Google Authenticator and Microsoft Authenticator are examples of this type of app. Once you’ve installed one, you can use the same app when setting up 2FA on any accounts that have this as an option.
  • Some accounts also give you a list of backup codes when you switch on 2FA. When asked for a code you can use one of these, but each code will only work once, so you’ll need to create more when you’ve used them all.

There are other second factors, that are offered by a few services. For example, some have apps that just ask you for permission once you’ve logged in. Others let you use ‘security keys’, which are small devices you can buy. You may also be able to use email as the second factor, provided it’s a different email account from the one used to reset your password. If your account offers one of these, and you think it would work for you, then they are all good second factors.

Note: Some services use memorable information or a security question (such as ‘What was the name of your first pet?’) as an alternative to 2FA. These do not offer the same protection so you should still turn on 2FA if it is available.