Last week was a rather exciting week for a Canadian university as a scammer tried to convince the university’s finance department to deposit money into their account. The scammers were thwarted by a Finance clerk who followed procedure. Yes, the superhero in this story is boring, annoying old procedure. Here is how it went down.
The university was building a new student centre. So when a Finance clerk received a request for a direct deposit form that looked like it came from the construction company working on the project, they thought nothing of it. They replied to the email request with the form and instructed the company to complete it and forward it to the Finance VP’s admin assistant, as per procedure.
When the admin reviewed the form, everything looked fine at first glance. However when she called the construction company to confirm that they had sent the request, as per procedure, they learned that they had not.
Realizing that they were being targeted by a scammer. The University staff looked closer at both the emails and the completed form. They discovered two things. First the beginning of the email address was correct, but the word “group” had been added to the end of it. Second the name of the site manager on the form was correct but the signature on the form was clearly forged. Both of these red flags had been missed. However, because both the admin and the clerk had followed procedure, disaster was adverted.
Unfortunately the City of Burlington in Ontario wasn’t so lucky. It isn’t know if procedures weren’t followed or if they weren’t in place. However, when they were targeted with a similar change-to-payment scam, they lost $503, 000 to the scammers.
This is a reminder that procedures are in place to help, not hinder. We are all human. We make mistakes. However, following procedure helps us do our jobs successfully and keeps us out of trouble. Regardless of which department you are in, follow your teams procedures. They are there to help.