Last updated: April 2026
Review date: April 2027
Introduction
Social engineering fraud refers to a range of techniques used by fraudsters to manipulate individuals into disclosing confidential information or making unauthorised payments. These attacks often exploit human behaviour rather than technical vulnerabilities and can appear highly credible.
Two of the most common forms are:
- Fake CEO/Executive Fraud – where a fraudster impersonates a senior member of staff and requests an urgent and confidential payment.
- Mandate Fraud – where a fraudster impersonates a legitimate supplier and requests a change to bank account details.
Paint Pots recognises that such fraud presents a significant financial and operational risk and is committed to implementing robust controls to prevent loss.
Staff Awareness and Training
All employees involved in financial processes, purchasing, or payment authorisation must:
- Be made aware of the risks associated with social engineering and mandate fraud
- Receive appropriate training on how to identify and prevent such fraud, with refresher training and updates provided periodically where required
- Understand and adhere to the procedures outlined within this policy
Key Risk Indicators
Staff must remain vigilant to warning signs, including:
- Urgent or time-sensitive payment requests
- Requests marked as confidential or secret
- Changes to supplier bank details
- Requests from senior staff that bypass normal procedures
- Poor grammar, unusual tone, or unexpected communication methods