Fraudsters may be tricking your employees without your awareness
Thursday, July 4th, 2019
Gisela VilaBack to blogs >
This could cost your business £23,055.
Do you think you could detect a scam so easily? The common phishing scams that we all know have evolved to a more sophisticated level of advanced business fraud. Payment fraud occurs when businesses of any size are tricked into paying money to a fraudster rather than to a legitimate payee. Once the payment has been made it's difficult to trace the funds, and they are rarely recovered.
We'll point out the three main business fraud variations that could occur in any business, including yours:
CEO Fraud relates to the fraud where cybercriminals use social engineering to impersonate an executive and generate unauthorized wire transfers or other forms of payment or to acquire sensitive information such as tax records that can be used to steal funds.
When fraudsters gain access to internal email addresses it's known as Business Email Compromise (BEC) fraud. You should be aware of this one if your business works with foreign suppliers or businesses that perform regular transfer payments.
A third form of fraud is Invoice Redirection and Mandate (IRM) fraud. This targets a company's customers with false payment invoices and payment directions, either by modifying existing ones to benefit the fraudster, or making them up out of the whole cloth.
How much does Business Fraud cost to the UK?
UK Businesses are being increasingly targeted, since they are seen by fraudsters as easy victims. They are often very good at making the fake payment seem like a matter of urgency and pressuring people into acting without making routine checks that would reveal the fraud.
In the first half of 2018, CEO fraud cost UK businesses £8 million, with 347 cases reported at an average value of £23,055. Invoice Redirection fraud was even more widespread, costing over £49.3 million over a reported total of 2856 cases (1). However, these figures are certainly low compared to the truth, as many companies would not want their reputation tarnished by admitting they were fooled.
The scale of the problem is only just becoming clear to UK CEOs, even though 37% have either been targeted by or know of a business that has been targeted by business fraud. When polled, 76% were shocked to discover the extent of losses caused by Business Fraud, and over 73% stated a belief that the fraudsters are currently ahead of the business community (1).
Despite this growing awareness of the scale of the problem, there are still SMEs that ignore the issue, and even fewer who have actually put measures in place to combat it. Almost a third of all small businesses (31%) remain unaware of business fraud or its impact and 57% believe that losing employees or clients is a more critical threat to their businesses than fraud. As a result, 54% of businesses in the UK haven't yet implemented any technique yet to prevent payment fraud (2).
Logically, those businesses who have been victims of payment fraud are reasonably more aware of fraud impact, that's why a 71% of SMEs who have been duped out have taken a step forward to prevent fraud again within their business (2).
(1) Mastercard Vocalink Services Business Fraud report 2019.
(2) 'Small Business Fraud: Why you could be a victim' – Small Business.co.uk, 6th Feb 2018
How can your business avoid Business Fraud?
Financial services fraud isn't just a matter for the affected businesses; it demands mutual collaboration from governments, financial institutions, regulators, payment system providers and the businesses themselves. In the short term there are few aspects businesses can start implementing:
- Bring fraud awareness to all business departments, not just accounting teams.
- Verify any request from the MD or CEO and doublecheck it with another team member.
- Start implementing checks within the email addresses and writing mistakes in the email.
- Update any anti-virus-software as part of day-to-day business practice.
- Pay special attention to any suppliers or clients' request to payment details.