Fighting Fraud - The Golden Rules to Protect Yourself

Fighting Fraud - The Golden Rules to Protect Yourself

Peter Quilter, director of Corporate and Commercial banking, looks at how to avoid falling victim to fraud.

Fraud today is sophisticated, organised and lucrative. With every sector of the economy facing this threat, businesses should recognise that there are important steps they can take to protect themselves.

Today's fraud

The nature of fraud against businesses is constantly changing. Previously, it would take the form of petty scams. Nowadays, fraudsters are much more likely to target an organisation via a telephone or a computer. Fraud is a massive industry in itself – the cost of fraud to the economy last year was an astonishing £52bn.

While banks are of course targets for fraud, today businesses are firmly in the firing line, with virtually all sectors of the economy under threat from fraudsters. Apart from the financial loss, fraud can cause difficulties for organisations trying to manage cash flow, lead to reputational damage and even see a business cease to exist.

Common frauds

Here are some of the most common frauds seen today:

  • Telephone (vishing): Fraudsters trick you into divulging security credentials over the phone. This includes calls pretending to be from the fraud department of your bank or even the police. They manipulate you into providing security credentials, transferring funds to accounts set up by fraudsters with the belief that this will keep your money safe.
  • Email (phishing): You are encouraged to click on a link or document within an email that downloads malicious software onto your computer or directs you to a fraudulent website that looks identical to the official site. This allows a fraudster to gain access to your security credentials or card information.
  • Malicious software (malware/Trojan): Your computer may be infected with malware by responding to a phishing email, visiting insecure websites or using an insecure internet browser. This also allows the fraudster to capture your security credentials or bank card details.

Be aware

It’s not all doom and gloom. There are some simple but effective steps – the ‘golden rules’ – which any business can take to protect itself from fraud. It is important to remember:

  • banks will never ask for your full PIN and password online (only three random digits from each are needed to log in)
  • banks will never ask you for your PIN and password or any smartcard codes over the telephone, so beware of imposters
  • banks will never ask for smartcard codes to log in. These are used to authorise payments

Cheque fraud

Although much of today’s fraud takes place online, fraudsters continue to carry out cheque fraud against businesses, knowing that large amounts of money are often involved in cheque transactions. There are simple steps that companies can take to protect themselves from cheque fraud:

  • store chequebooks securely, ideally under lock and key at all times when not being used
  • reconcile cheques used against your statements, perhaps utilising dual review
  • prepare carefully: when writing or printing on an individual cheque, avoid any gaps that could be exploited by a fraudster (eg to prevent them from changing the payee’s name on the cheque)
  • follow up and stop missing or lost cheques

Invoice fraud

There are some frauds that are carried out against businesses alone. Invoice fraud is an example of this: a request is received by an organisation purporting to be from an existing supplier or creditor. The fraudster advises that the bank details for the settlement of future invoices should be changed, meaning that your next payment will be paid into their account. The fraud is usually discovered when the supplier that sent the genuine invoice chases for non-payment, by which time the recovery of any funds is highly unlikely.

These approaches can be made via telephone, letter, fax or email. The request is not necessarily accompanied by any specific payment instruction, but, if acted upon, the next legitimate payment will be made directly to the fraudster’s account. There are simple steps that all businesses can and should take to protect themselves from invoice fraud:

  • always contact the supplier or creditor to validate requests for payment or to amend bank details
  • closely scrutinise all requests for payment: check the email address or fax number they are sent against your company records
  • it is recommended that payments should have a minimum of two approvers; this offers an extra layer of security, as all payments would need to be approved by at least two people
  • consider sending confirmation of payments to the supplier or creditor to ensure that your funds have been received by them

CEO fraud

CEO fraud, also known as whaling fraud, uses email to impersonate a senior member of staff requesting a payment. A member of the finance team will receive an email appearing to have originated from a senior person in their organisation, such as the CEO, and instructing the recipient to make an urgent payment to a specified beneficiary.

There are two known methods used in this type of scam. The first is email spoofing, where the fraudster constructs a fake email that may come from a slightly different address from the one it is imitating, for example it may read .org instead of .com.

The second is account hacking, where the fraudster hacks a genuine email account and starts to issue fraudulent emails from it.

Here are some tips for avoiding executive impersonation scams:

  • Check any unusual payment requests directly with the apparent sender, ideally in person or by telephone, to confirm they’re genuine. But don’t use any telephone numbers or email addresses in the suspicious email as they will go directly back to the fraudster.
  • Be alert to unusual wording that you wouldn’t expect the real senior executive to use. There may be odd expressions, or incorrect spelling or grammar.
  • Make sure that internal email passwords are strong – they should include a minimum of eight characters and a mixture of upper-case, lower-case, numeric and special characters.
  • And if your company doesn’t already have a well-documented internal process for requesting and authorising payments, create one.

You can obtain more fraud and security advice from your bank, so visit their website and speak with your relationship manager.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 21 November 2018
If you'd like to register, please fill in the username, password and name fields.

Member Login

Business Insights & Tips

Leaderboard

1
Jill Holtz
807 Points
2
Michael Lane
789 Points
3
Ron Immink
732 Points
4
Fionan Murray
702 Points
5
ContentLive
277 Points
View Leaderboard