Hamilton Academical had been in rude financial health.
They had nearly £1m in the coffers and posted profits every year since 2009. The club were a long way from the dark days when they struggled with debts topping £4m.
However, over the course of 24 hours, one of the Scottish Premiership’s smallest sides saw its finances wrecked by an elaborate lie.
A fraudster convinced an employee that the club’s money was at risk from thieves within the bank, and to protect the cash, he’d have to move it.
It was, in fact, a confidence trick that led Accies to lose nearly every penny and into a legal dispute with RBS.
How did it work out so well for the Accies fraudsters?
The scam began with a phone call on October 9, claiming to be from RBS cyber security.
The con artist masked his identity using software to mimic the bank’s official fraud line.
Using the pseudonym Stuart Davis, he lied to club officials that there had been suspicious activity on the account, including a large payment made out to a fertiliser company in Spain.
He asked for a former director by name to be told he was no longer at the club.
Before 4pm, Davis was put through to the sole authorised account user – a Hamilton stalwart with years of experience – and the scam played out.
In a written narrative shown to STV News, fraudster Davis is reported to have told the employee “that he was in the RBS internal fraud investigation set-up, and that he was investigating suspicious activity within our Customer Relationship group”.
Davis’ complex ruse involved convincing the employee he was the real fraud investigator, while the bank were the thieves.
He asked the employee to send two payments to other accounts, assuring him they would be caught in the “RBS cloud” before being sent back.
The transactions for £40,000 and £70,000 resulted in RBS suspending the account and contacting the employee.
But he’d been instructed to lie to the cyber security team.
The narrative states: “[Davis]stressed the importance of not doing or saying anything that might alert the Relationship team and allow them to cover their tracks.”
The employee told the real RBS employee that his computer was running slowly – a possible sign of malware – but that it was “nothing special”.
He also denied speaking to anyone else about the accounts and the payments were waved through.
Subsequent payments flagged up no problems for RBS. The employee was encouraged by Davis to use player names and football clubs to disguise the real purpose of the transactions.
By 5pm, the fraud yielded more than £250,000 over six payments.
The following morning, the employee contacted the RBS fraud number provided to him by the scammer.
He was told that Davis was an “important person” and this allayed his fears. When Davis called at 8am, he agreed to make further payments.
Over the course of the day, 20 transactions were made from the club’s three accounts.
The employee sent text messages to chief executive Colin McGowan and others to inform them that there were “problems” but to also reassure them that the issue was in hand.
By 3pm on October 10, the accounts were emptied. Davis told the employee that he would “complete the clean-up operation that evening and get all the monies back in place”.
He assured him that he would call back by 9pm.
However, no call came and by the next day, the employee knew he was the victim of fraud worth £989,000.
The scam was a well-used technique known as ‘voice phishing’, or ‘vishing’.
Detective inspector Graeme Everest, of the economic crime unit investigating the Accies fraud, said: “It is a fraud where individuals or businesses are contacted by the criminal, usually through telephones.
“They are coerced into providing the protective data and through that, the fraud is committed.
“There has always been crimes that have been committed through this kind of process.
“We have seen a wee bit of a spike last year and have number of investigations ongoing in respect of that.”
Police Scotland are currently investigating more than a dozen high-value frauds against Scottish businesses.
He added: “We believe there a number of different crime groups working in the Glasgow area and involved in this kind of crime.
“We also believe they are not just linked to Glasgow. There are individuals in England as well who are targeting Scottish banking customers.”