Why should business be concerned?
Fraudsters are turning to more sophisticated methods of scamming people and businesses out of money, with businesses increasingly a target. A common tactic they may use are sending spoof emails impersonating a senior member of staff and trying to deceive employees into transferring money. The email usually requests an urgent payment is made outside of normal procedures, often giving a pressing reason such as the need to secure an important contract.
Criminals can also pose as regular suppliers to the company or organisation and make a formal request for bank account details to be changed. This is known as invoice fraud and fraudsters may trick a company into changing their bank account payee details for a sizeable payment.
Criminals who specialise in invoice fraud are often aware of the full details of the relationship between companies and suppliers – they know when regular payments are due and, equipped with sophisticated information, they make contact with finance teams within companies and pose convincingly as suppliers.
Similarly, through mandate fraud criminals convince firms to change a direct debit, standing order or bank transfer mandate by pretending to be an organisation the business makes regular payments to, for example a subscription or membership organisation or supplier.
A recent FFA UK study has shown:
- Almost 7 in 10 business leaders admitted they hadn’t taken any action to protect their business and employees from an incidence of fraud.
- A quarter of businesses have admitted they have fallen victim to scams or had scams attempted.
- Almost half of all business leaders surveyed do not believe an act of fraud will be committed against them.
- The most common targets for fraudsters are senior management and business owners in SMEs (67%).
If you receive an email from your CEO or some other senior member of staff asking you make an urgent payment outside of normal procedures, don’t automatically follow their lead. It’s become very easy for fraudsters to manipulate the characteristics of an email, including the sender address, so that it looks genuine, but when you transfer the money, it goes straight to an account controlled by a criminal. Keep an eye out for any emails that might be written in a different style to usual, and always check any unusual payment requests directly, ideally in person or by telephone, to confirm the instruction is genuine.
It’s not hard for criminals to investigate business invoice details (even down to payment dates) and then pose as regular suppliers. If a supplier contacts you to make a formal request for bank account details to be changed, always verify with that supplier using their on-file details. It’s important that everyone inside a business is warned of the dangers of invoice fraud, and that everyone knows to always check invoices to identify potentially fraudulent transactions as soon as possible.