County council fraud teams thwarted 2 cyber attacks and prevented £527k in losses

County Hall in West Bridgford.
By Andrew Topping, Local Democracy Reporter

Nottinghamshire County Council fraud teams stopped two separate cybercrime attempts involving criminals trying to change bank account details in order to steal a total of £527,000.

The authority’s business management support (BMS) teams noticed the two incidents when attempts were made to fraudulently alter bank details on a scheduled payment to divert cash into another bank account.

The council has not confirmed which department was targeted by the attacks or when they took place, except that both incidents occurred during the 2021/22 financial year.

However, it states both attempts were “detected and prevented” thanks to measures put in place to monitor bank account amendments following previous incidents where systems had been “infiltrated”.

A report published ahead of the council’s governance and ethics committee, which sat on Thursday afternoon (July 21) stated 250 attempted amendments have been made to various vendors’ account details in the past year.

Because of these attempts, council controls have been enhanced with further reviews planned to “raise awareness” to its suppliers of the cyber fraud risks.

The two incidents were addressed during the committee discussion, with concerns raised over the amount of money targeted by the fraudsters and questions asked about how the authority managed the situation.

Councillor Richard Butler (Con), who represents Cotgrave, said: “It’s inevitable that we have to look at fraud – it’s a fact of life but we seem to be on top of things very well.

“This is a large amount of money and was two cases. It must have been quite dramatic to have two incidents with more than £500,000. I suspect we’ve got plenty of systems in place to ensure there aren’t similar cases.”

In response, Simon Lacey, interim chief internal auditor at the council, told the committee the two attempts were flagged by the authority’s BMS team before any funds were taken from its account and both the council and its bank were also alerted.

He said: “This was quite happily prevented, it didn’t get paid out and was stopped in the first place.

“That’s a credit to the [business management] team, they spotted and put in the correct checks.

“This is a classic example of cybercrime or a cyber attack, what they attempted to do was pretend to be someone who wanted to change bank accounts to make a payment to a different payee – i.e. themselves.

“But we have systems in place to double check that is actually the right person or organisation before any changes are made, and then indeed to alert both the bank and ourselves before it takes place.

“The payment was never made, but we could track who started the process off. There’s this preventative measure taking place and, be assured, no money left the council’s account.”

He added the council works with the National Crime Agency, Action Fraud and the City of London Police during incidents like this, ensuring criminal agencies are informed of fraud attempts.

However, he could not confirm whether criminal prosecutions had been taken in relation to the two incidents.

The report, noted by councillors during the meeting, included a series of other fraud incidents prevented and detected by the authority in 2021/22.

In total, 45 incidents totalling £670,807 were either detected or prevented in the year, with other activities including pension and social care fraud and misuse of blue badges for disabled parking.

This total was up from the £387,823 figure recorded for 2020/21 when 64 incidents of fraud were detected across the year.