Categories:
Maintained Schools Business Managers, Administrators

Fraud alert

We’re aware of an increased risk of fraud where supplier email accounts are misused to access the IBC Supplier Self‑Service portal.

Once access is gained, fraudsters can attempt to change secure control details (such as mobile phone numbers) and bank account details, with the aim of diverting supplier payments to their own accounts.

This type of fraud can result in significant financial loss if changes are processed without appropriate verification.

What to look out for

All buyers and shoppers using IBC should be alert to the following red flags, particularly where more than one is present:

  • Suppliers contacting you directly to request changes to their supplier account, rather than using the IBC Supplier Self‑Service portal
  • Requests to bypass existing processes or controls, or to intervene manually
  • Requests to change both the supplier mobile phone number and bank details
  • Emails claiming a different bank account must be used for payments, often citing a recent audit or internal review
  • Urgent or pressurised requests, including repeated follow‑up and chasing actions
  • Poor spelling or grammar, generic greetings or an unusual or awkward tone
  • Suspicious email addresses, for example where a genuine address has been altered slightly
  • Microsoft Outlook warning banners such as “You don’t often get emails from this sender”

What to do

  • Refer any suppliers who contact you directly requesting changes to their supplier account to the IBC, so the correct verification process can be followed
  • Do not attempt to make changes yourself or raise IBC enquiries on behalf of suppliers
  • Follow the established process for supplier account changes, which must be completed directly by the supplier with the IBC
  • If the layout of an invoice has changed, confirm it with the supplier, as fraudsters may submit fake invoices after changing details
  • If anything feels unusual, urgent or out of character, stop and do not proceed
  • If you have any concerns or doubts, contact the finance helpdesk immediately before taking any action - Finance.Helpdesk@Oxfordshire.gov.uk

Reminder

Supplier bank and secure mobile changes must only be made through the correct process. Requests to bypass these controls increase the risk of fraud.