CEO spoofing is when fraudsters impersonate a senior member of staff in order to get employees to send them money. This scam is often successful as employees are reluctant to question the authority of the senior colleague, even if the request seems out of the ordinary.
In the first half of 2021, criminals stole a total of £753.9 million through fraud and scams, an increase of over 30% compared to the same period in 2020.
Whether you’re looking to protect your business from being hit in an already challenging environment, or are looking for ways to protect yourself and your loved ones from a potentially devastating experience, we’re here for you.
Here’s our low down on the latest scams to look out for and our top tips on protecting your personal data and your money.
Why should businesses be concerned?
Fraudsters are turning to more sophisticated methods of scamming businesses out of money, so it really does pay to make sure everyone in your organisation is being vigilant at all times.
Tips for avoiding fraud in your business
Take 5 To Stop Fraud
Common scams to look out for within your business
Look for signs that the communication hasn’t come from the person you know. Does the tone seem off? Fraudsters will often add an element of urgency to scare people into acting before they think.
If in any doubt, call them. If it’s a genuine request, they’ll be happy to speak to you about it, and it will no doubt be a much nicer conversation than the one you’d be having after the fraud has taken place.
Report it straight away, and make others who may be at risk of being targeted aware of it to make sure nobody else is caught out.
If possible, come to an agreement within the organisation that, should a payment need to be made urgently, outside of regular procedures, the request can only be made via phone. That way, if you do receive an email request, you’ll know it’s not genuine right away.
If you think you may have fallen victim to the scam and funds have already been sent, report it immediately to your bank or financial services provider and then contact Action Fraud. It’s also vital that you let any other relevant colleagues know so that they know to be vigilant.
Invoice fraud is when a criminal poses as a legitimate supplier to a business in order to divert payments.
Criminals who specialise in this type of fraud are often aware of the relationships between companies and their suppliers, knowing when regular payments are due. Equipped with sophisticated information, they make contact with finance teams, posing convincingly as suppliers, and have the bank details changed to their own.
Payments can sometimes be repeatedly made to them, with the fraud often only discovered at the point when the legitimate supplier of the product or service chases for non-payment of an invoice.
It’s very tough to spot as criminals have gotten very good at disguising themselves, but as long as you make sure you check all requests thoroughly you should be able to protect yourself and your company.
If you see attempts at invoice fraud coming into your business, it’s vital that you let colleagues know what to look out for themselves – if they’re trying to contact you, they’ll likely be trying to contact others within the organisation too.
Make sure you have a rigorous procedure in place for validating requests to change supplier bank details. It may feel like a pain for those genuine requests, but it really is better to be safe than sorry because getting those funds back from the fraudulent account is very difficult. Your bank are unlikely to offer a refund for any funds lost.
If a supplier contacts you to make a formal request for bank account details to be changed, always verify with that supplier using their on-file details.
It’s important that everyone inside a business is warned of the dangers of invoice fraud, and that everyone knows to always check invoices to identify potentially fraudulent transactions as soon as possible.
If you think you may have fallen victim to a scam and funds have already been sent, report it immediately to your bank or financial services provider and then contact Action Fraud. It’s also vital that you let any other relevant colleagues know so that they know to be vigilant.
Phishing is a fraudulent attempt to gather sensitive information by sending emails that are designed to look as though they’re from a legitimate company.
Most people are aware of phishing within their personal email accounts, but it’s not as recognisable when it comes to business. It is still a very common way for fraudsters to commit their crimes, so it should be front of mind.
Attackers often use a trusted brand to hide behind as they try to get you to reveal information such as usernames, passwords and credit card details.
Always read electronic communications carefully. If you spot anything that’s out of the ordinary, such as a spelling mistake or an apparent lack of personalisation (i.e. referring to you as a valued customer instead of by your name), be careful.
Also, compare this communication against previous genuine ones if you still have them stored – have they changed their approach? Their branding? Their tone of voice? If so, proceed with caution.
If there’s any doubt about it, don’t do what the communication asks of you. Call the company directly on a number you know is legitimate (not one provided in the email), and never click links or open attachments. Whatever the communication is, you should be able to find reference to it some other way, whether that’s by visiting the company’s website directly or speaking to them on the phone.
If you do notice anything suspicious, the main thing is not to click any links, call any numbers or open any attachments. This is how they gather the information from you.
Instead, report it to your information security or IT department. If your business doesn’t have anyone internally who would deal with this, report it as spam in your email client.
Report it to the relevant department, as they may be able to blacklist senders. The best advice in this case is just to remain vigilant to avoid getting caught out.
If you have already given your personal details away, including any bank account information, contact the fraud team of the associated bank for advice and to alert them. You can also request a protective registration marker be placed on your credit file; this will ensure you are alerted should any new applications be made using your details. Please visit Cifas.
In an authorised push payment scam, a fraudster tricks their victim into sending money directly from their bank account to an account which is controlled by a criminal.
This is usually done by the fraudsters deceiving their victim, persuading them that they are speaking to a trusted organisation, such as their bank or the police. This is a crucial factor in the success of their scams. Typically, they contact their target through a number of channels including telephone, email and text message.
In some cases fraudsters will trick their victims into believing that their business bank account is at risk and that they need the online password and security token responses in order to ‘protect the account’. This then allows the fraudster direct access to transfer funds from the victim’s account.
Once the fraudster has successfully managed to gain access to funds, they will remove these from the criminally controlled account immediately. This often involves sending the funds onwards to multiple other accounts, making the money harder to trace and recover.
If a customer authorises the payment themselves or releases their confidential online security credentials and passwords, current legislation means that they have no legal protection to cover them for losses.
Just because someone knows some details regarding your business – such as the address, your relationship manager or suppliers – does not mean they are genuine.
Banks or trusted organisations will never contact you asking for your online security credentials including full password, or to transfer money to a safe account.
Never give out your personal or financial details unless you are absolutely sure you know who you are dealing with.
Always question uninvited approaches asking for information – it could be a scam. Instead, contact the company directly using a trusted email or phone number to check the request is genuine.
If you think there has been fraud on your bank account – or if you suspect anyone has attempted to compromise your financial details – report it immediately to your bank or financial services provider and then contact Action Fraud.
Trust your instincts: If something feels wrong then it is usually right to question it. If you feel under pressure to act quickly then this can be a warning sign something isn’t right.
Stay in control: Be confident - refuse unusual requests for personal or financial information. It’s okay to stop the discussion if you do not feel in control of it.
Crucially, ensure that any colleagues in your own business with financial control are aware of the risks and would know how to spot something suspicious.
Get in touch with us right away if you think you’ve fallen victim to fraud. If you are suspicious about an email that you have received which purports to be from Mitsubishi HC Capital UK PLC or from any of our Novuna brands, please contact firstname.lastname@example.org.