In a recent article published by the FCSA, a warning has been issued to recruitment agencies that refer candidates to umbrella companies. It’s become apparent that criminals are pretending to represent well-respected umbrellas under fake companies (with almost identical names) in an attempt to trick agencies into sending payments to wrong bank accounts. Here’s what we know so far – keep reading.
Giant Pay was targeted by a cyber attack
On the 22nd of September, the leading umbrella company, Giant Pay, was forced to shut down all activities due to “suspicious activity” on its network. Over a week later (on the 1st of October), Giant Pay released a statement on their website confirming that they had made over 18,000 payments and “paid all outstanding payrolls”.
The announcement by Giant Pay shook the entire contractor payroll industry. Firstly, it must have been an extremely stressful ordeal for the many staff members at Giant Pay – many of whom would have been working around the clock to resolve the situation. Secondly, the actions by cybercriminals left thousands of hard-working contractors and freelancers without their pay – which is unimaginable.
Thankfully, the problem appears to be under control now, and we hope those responsible are held accountable. We also anticipate the industry learns from these events, and umbrella companies do more to protect their networks and infrastructure from security breaches.
FCSA issues warning to recruitment agencies
While undertaking due diligence checks on FCSA members, the professional body became aware of umbrella company cloning. Several companies had been created to sound remarkably like existing umbrella companies – and this poses a severe threat to the supply chain of temporary workers.
In an article on the FCSA’s website, they state:
“We noticed recently that some member firms appeared to be the victim of cloning, where individuals set up a company that perhaps has one letter changed from the bona fide company or has another word attached to the name of the bona fide company.
Around ten FCSA member firms appear to be subject to cloning, and we have worked closely with those FCSA firms to both highlight the issue and ensure that they have been in contact with their agency partners. In addition, we have notified agencies and end hirers via our September newsletter, which is circulated to over 5,000 subscribers, to ensure that they are fully informed of the issue.”
Phil Pluck, CEO at the Freelancer and Contractor Services Association (FCSA), said the following about the threat of umbrella company cloning:
“I can only assume that this cloning activity is designed to persuade others to think that they are dealing with a legitimate partner and that there is a financial motive underlying this activity.
This is not just aimed at FCSA companies, and so I would advise any agency dealing with any partner company where money is transferred to agree on a clear transfer protocol with their partner and to treat with caution any approach that states that banking arrangements have been altered or bank accounts have changed and that funds should now be diverted to that account.
We live in a highly cynical cyber world where there are many attempts to steal money from innocent parties. Thanks to the detailed due diligence checks that we have in place at FCSA, we were able to alert FCSA members and their partners to this issue at the earliest possible moment.”
Cloning in the recruitment sector isn’t a new phenomenon
Sadly, this isn’t the first time cloning has been undertaken by criminals to target recruitment agencies. In a recent article on Contractor UK, a leading source of information for temporary workers and interim recruitment professionals, we are reminded that it’s happened before – with severe consequences:
“Indeed, cloning in the recruitment sector is not new. For many years, fraudsters have cloned genuine hirers to offer fake jobs to recruitment agencies, in attempts to trick the agencies into placing contractors into those roles — all the time paying the contractors weekly as recruitment agencies do, only for them to find out later that no payment has come from the (fake) hirer! The result was genuine agencies being left thousands of pounds out of pocket, often by as much as £50,000. The new brolly cloning spree on Companies House feels like a spreading of that same toxic activity.”
How can contractors and recruitment agencies identify umbrella company cloning?
Identifying umbrella company cloning is very important because if you fall victim to it, you could suffer. Here are some tips we learnt from a recent Contractor UK blog:
- Check and see who is behind the company in question. Do they have a legitimate and established website?
- What is their online presence like? For example, do they have active social media pages?
- How long has the company been around? Is there much history available on Companies House, and has the company filed accounts yet?
- What is the name of the limited company, and is it very similar to established companies? Umbrella company cloning has occurred because unethical individuals have launched companies with highly similar names to others – to trick others.
- Does the director or directors have other companies that appear to be suspect? For example, do they have a list of companies similar to existing umbrella companies (a good example of serial umbrella company cloning)?
- Are the directors based outside of the UK? It’s common for criminals to launch companies from far away.
Will umbrella company cloning result in the sector being regulated?
Hearing stakeholders call for the umbrella company industry to be regulated isn’t new. We’ve even written a blog entitled ‘Should Umbrella Companies Be Regulated‘ where we support the concept of regulating the industry if it’s done appropriately. However, umbrella company cloning and the security threats faced by Giant Pay would probably still have occurred – regardless of whether there were government regulations in place or not.
The attack on Giant Pay (and let’s not forget that Unified Payroll announced a similar security breach recently, too) was carried out by criminals who would still target umbrella companies – regardless of whether regulations were in place. It’s not clear what security Giant Pay had in place. Still, as a responsible and well-respected umbrella company – hopefully, they had extensive protection in place.
Giant Pay is an FCSA accredited umbrella company, meaning it has undergone a series of assessments and audits to ensure they operate compliantly with government rules and regulations. They are not amateurs. They are a well-respected umbrella company that has suffered considerably as a result of criminal activity. If regulating the sector helps protect temporary workers and ensures non-compliant umbrella companies disappear, who could argue against it? We think that blaming the cyber-attack on a lack of industry regulation is a cheap shot that isn’t justified.
Top 10 umbrella companies
If you’re looking for an umbrella company you can trust, you’ve come to the right place! Our top 10 umbrella companies list only includes UK-based umbrella companies with an FCSA or Professional Passport accreditation – so you know you’ll be in safe hands. And, some have special offers at the moment. Please go and check them out.