September 30, 2010

Fraud: no laughing matter


By Cbr Rolling Blog

We are so used to hearing that computer security is an ongoing arms race where you have to be eternally vigilant. It’s not often enough, though, that we get specifics of why we need to keep on our toes, so the quite disturbing scam that’s caught out South Lanarkshire Council is very instructive.

And scary; I’m sorry to say, as a journalist, that this episode shows why you really, really don’t want your security snafus covered in the press, as it will only make it worse.

So the facts are these: the Scottish local authority in question lost £102,000 after it was conned by a letter that claimed to come from one of its regular, kosher suppliers asking for payments to be made into a different account.

Finance complied, apparently without checking the request was genuine, and the £102,000 was sent to the forger’s bank account. The Council is now working with the Police to see if there are any other possible examples, while a national (Scottish) investigation is underway to see if any other Town Halls have been similarly stolen from, and of course to attempt to trace the gang.

Some press reports seem to think this is a bit amusing, citing ‘ironic’ details that make South Lanarkshire look foolish. To wit: the council has a £55m budget shortfall (so can hardly afford to waste this sort of money) and its own Trading Standards department had in parallel sent out a letter to residents reminding them that any communications asking for bank details "should set alarm bells ringing" (crooks had been calling residents to tell them their homes have been put in a lower council tax band and asking them to hand over their bank details to receive a refund).

But that of course isn’t the case here, as the duped Finance person didn’t do that – they thought they were dealing with a real supplier. And while we think the gang involved is from West Africa, the theft isn’t your usual 419 nonsense, it was proper, nasty thievery with forged documents: the whole nine yards.


One Scottish paper added the piquant detail that the council is not insured against outside fraud and that the burghers have had to pay the £102,000 to the real suppliers to boot.

It’s a mess, and this is very sad for a perfectly good council that’s been made to wear a Dunce’s cap. Learnings: there should have been a better (EDRM-based?) accounting process. Two, no-one is perfect. Three, if you don’t think this could happen to you, you’re on the brown acid. And four: if you’d like to be the head of Finance in this team – let alone the poor soul who pressed the ‘go’ button on the BACS transfer – then you truly are a masochist.

Security is not a funny subject. Look at this car wreck, learn, move on and stop sniggering like a schoolboy.

Clown image courtesy of SpiritMama on Flickr.
