Fighting fraud: How to protect your business against four common scams
FSB 30 Jul 2021
Fraud costs businesses millions every year. Learn more about the common scams to watch out for and how to protect your small business against fraud with tips from The Co-operative Bank, provider of FSB Business Banking.
In 2020, businesses lost £52.5 million to invoice and mandate scams alone – and it’s not just big names that are being targeted. Fraudsters don’t discriminate and the effects of this type of crime on businesses, people and their families can be devastating. As a small business owner or sole trader, you can also be at risk of invoice fraud, CEO fraud, impersonation scams and online fraud.
Whether you’re working alone or running a team, awareness is vital for combatting criminals and protecting your business. The Co-operative Bank, provider of FSB Business Banking, explains four common types of fraud you need to be aware of and how you can avoid falling victim to these scams.
What is it?
Invoice re-direction fraud happens when a criminal contacts your company posing as a genuine supplier, tradesman or solicitor, and asks you to change the bank account details you use to pay them. This can be done by a hacked or spoofed email, a fake letter or by telephone.
It’s not difficult for fraudsters to find out your invoice details. They’ll spend weeks or even months gathering information, using company websites, social media and blogs to find details of high-value contracts, company employee structures and supplier partnerships.
Often, the fraudulent payment is only discovered when the genuine supplier chases for non-payment. Small businesses are particularly vulnerable to invoice re-direction scams as they can cause huge financial loss.
What can I do?
- Always check any change of bank account or payment arrangements directly with your supplier and use established contact details only.
- Agree at least two designated points of contact with all your regular suppliers.
- Carefully scrutinise all invoices you receive – look out for misspellings or slight changes to email addresses.
What is it?
CEO fraud happens when a fraudster impersonates you as the business owner or managing director, instructing an employee to make an urgent payment outside of normal procedures. They often target a company’s finance department via a hacked or spoofed email. Even if you only run a small team, you and your employees should still be alert.
The emails are very convincing, and the member of staff will do as their ‘boss’ has instructed, sending the funds to the account details quoted, only to find out that the account is controlled by fraudsters.
What can I do?
- Educate your employees about this type of scam and the tricks fraudsters may use.
- Always validate any urgent payment requests in person or over the phone, especially if it’s outside of the usual process.
- Avoid replying directly to the email until you’ve validated the request.
- Regularly communicate with your finance department if you have one.
- Take care when emailing confidential information.
What is it?
Impersonation scams are a variation of social engineering. They happen when criminals contact you out of the blue, often pretending to be the police, a bank or other trusted organisations such as HMRC, Microsoft or a well-known broadband provider. They try to manipulate you into transferring money into another account by creating a sense of urgency, or by coercing you to download software on to your device, which gives them access to your bank account.
Fraudsters pretending to be from your bank, the police or a well-known service provider may tell you that:
- Fraud has been identified on your account, or an urgent security check is required, so they need your passwords or PIN.
- You are due a refund and need to provide your card details or account information.
- Your bank is under investigation; posing as the police, they give you a ‘safe’ account number to transfer your money into, or ask you to withdraw it and meet an officer to hand it over.
- Your internet broadband has been compromised.
- You need to download software, or click on a link in an email, that allows them to remotely access your device.
Neither your bank nor the police will ever ask you to move your money to another account to keep it safe.
The internet brings many benefits, but it also gives criminals the chance to steal your personal or financial information through computer malware, fake emails, websites or social media accounts. It’s important to know the basics of how to stay safe.
How can I protect my business online?
- If you access online banking through a tablet or mobile phone, we recommend you set up strong passwords or passcodes on your device and keep it locked when it isn’t in use.
- It’s important that you avoid using a search engine or search engine adverts in order to access online banking.
- Always type the website address into the address bar instead. That way, you’ll know you’re on the official website.
- Criminals can create fake websites to look exactly like the genuine one but with slightly amended web addresses. These are then presented to victims when they search for their bank through search engines.
- Never tell anyone the codes from your security token or those generated from the app.
- Never allow anyone to access your device remotely.
- If you are asked to download software and then asked to log in to online banking, it’s a scam.
- Protect your device by downloading security and anti-virus software, keeping them updated when prompted.
- Don’t overshare your information on social media – be careful what you post.
- Check your privacy settings to help ensure you are only sharing with people you want to.
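The advice above to look out for slight changes to email addresses on invoices, and for fake websites with slightly amended web addresses, can be partly automated. The following is an added example, not code from FSB or The Co-operative Bank: it compares a sender address or web address against a list of domains you already deal with and flags near-misses. The domain names, the substitution list and the threshold of two edits are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample data: domains you already deal with (hypothetical names).
KNOWN_DOMAINS = {"acme-supplies.example", "mybank.example"}
# Assumed list of common look-alike substitutions, folded to one form.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def domain_of(address_or_url):
    """Extract the host from an email address or a web address."""
    text = address_or_url.strip().lower()
    if "@" in text:
        return text.rsplit("@", 1)[1].rstrip(">")
    host = urlsplit(text if "//" in text else "//" + text).hostname or ""
    return host[4:] if host.startswith("www.") else host

def skeleton(domain):
    """Strip accents and hyphens and fold confusable characters."""
    text = unicodedata.normalize("NFKD", domain)
    text = "".join(c for c in text if not unicodedata.combining(c))
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text.replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check(address_or_url, known=KNOWN_DOMAINS):
    """Return 'known', 'lookalike of <domain>' or 'unknown'."""
    domain = domain_of(address_or_url)
    if domain in known:
        return "known"
    for good in sorted(known):
        # Threshold of 2 edits is an assumption; tune it for short names.
        if edit_distance(skeleton(domain), skeleton(good)) <= 2:
            return "lookalike of " + good
    return "unknown"

if __name__ == "__main__":
    for sample in ("accounts@acme-supplies.example", "accounts@acrne-supplies.example",
                   "https://rnybank.example/login", "info@unrelated-shop.example"):
        print(sample, "->", check(sample))
```

A result of "known" only means the address text matches your list; a message sent from a hacked genuine mailbox still passes, so confirming any change of bank details through established contact details remains necessary.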