‘Something tells me it’s all happening at the zoo’

28 July 2017

Chester Zoo fell victim to a type of fraud called ‘invoice hijacking’, where fraudsters intercept correspondence between two parties that have an existing contractual relationship and invoice the target for services that have actually been rendered.

Chester Zoo had engaged Laing O’Rourke to carry out construction works for a safari experience valued at approximately £17 million. An interim payment of approximately £1.25 million was due but before the invoice was issued, an email purporting to be from Laing O’Rourke’s finance team informed the zoo that their bank account details had changed for invoicing.

It was a scam. Despite the email attachment being on Laing O’Rourke’s headed paper, signatures were forged and names were made up. The zoo transferred £1.26 million into the bank account details given in the bogus communication from the contractor and within 90 minutes that amount had been distributed to 28 different bank accounts. When the money did not arrive at Laing O’Rourke’s actual bank account, concern was raised and the zoo was alerted to the scam.

The fraudsters were prosecuted and handed suspended prison sentences earlier this year by Bristol Crown Court.

With hindsight it seems obvious it was a scam, with it taking very little to fool the zoo into transferring what the judge described as ‘a breathtaking sum’ of money to the fraudsters. However, fraudsters prey on trust, including the trust built up between parties during their working relationships. It is easy to become complacent when there is a history between parties and the fraud involves only a slight manipulation of the expected process.

Reducing the risk of fraud

It may be tempting to blame people for falling victim to scams and fraud or assume it would never happen to you but, with ever more sophisticated methods being employed by fraudsters, anyone can fall victim and companies should, like a meerkat in the wild, be ever vigilant.

How then can companies running public attractions reduce the risk of fraud?

Companies should:

  1. Query emails supposedly received from suppliers but which are actually from a different email address, particularly if the domain name is different. This can include emails supposedly from solicitors: fraudsters have used these to receive funds from clients.
  2. Never send funds to a new account without first ringing the supplier’s office and speaking to the relevant person about the account.
  3. Be alert to suspicious incidents such as transactions involving parties or suppliers you are not certain are dealing with projects, even if they claim to be involved.
  4. Review names involved if they are unfamiliar and see if there are records of those people working for the company (such as checking the company’s webpage or Companies House if purporting to be from a director).
  5. Look out for alerts and warnings online about increases in fraudulent activities, scams and online hoaxes. The Solicitors Regulation Authority webpage publishes warnings about bogus firms.

It is better to be safe than sorry, and some additional checking or conversations are worth it when the alternative could be a loss of substantial sums and reputation.

‘I love to go to the zoo. But not on Sundays. I don’t like to see the people making fun of the animals, when it should be the other way around.’ – Ernest Hemingway


Something tells me it’s all happening at the zoo’ At The Zoo – Simon & Garfunkel

Ian Smith Author
Ian Smith
Senior Associate
About the author