Banks and card companies prevented £1.4 billion in unauthorised fraud in 2021. (UK Finance Annual Fraud Report)
Fraud losses totalled £730.4 million. Real numbers are undoubtably much higher, given that many are too embarrassed to report.
Here are some common scam schemes and related to businesses, and their prevention methods:
Invoice Scams (36.8m stolen value)
A common example is an email requesting change of bank details from a supplier or an employee. A more advanced one I came across recently is the same process broken down in stages. A retailer accounts team casually received a request to change a telephone number on the invoice, and then, few months later request a bank account change. When the controller called a number on the invoice – the call was answered by the fraudster and payment details were confirmed. Upon processing the payment, the bank alerted the new details as non-verifiable and further enquires identified the fraud. Saved £18k on that payment initially. If gone undetected, annual supplier turnover was 1.3m.
How to stay safe from invoice scams
Make sure your system is ring fenced and only use your system details for supplier or customer details.
Confirm any changes directly, by phone, from the person you (or your team) know. If you don’t have a personal contact, get operations/sales/procurement involved and make sure you find a trusted person to speak with before making a change.
Enable Payee details verification with your bank. There is a payment verification system between largest UK banks that matches the business names with their account details. Unfortunately, this excludes smaller banks, and some large ones too. Metro only joined recently. Not surprisingly, the fraudsters are using those non-verifiable banks. When your bank does not recognise payee – the transaction should be classed as suspicious, and the matter should be raised with a business director and additional verifications need to be carried out before the payment is made.
Set up an alert in your accounting system to warn you if the bank account details of a contact have changed. Such emails often trigger follow-ups with relevant team members about the change and can be useful.
·For first time transfers - pay a small sum first and then verify with the company before settling the larger payment.
Boss Fraud (£12.7m stolen value)
The scammer manages to impersonate the CEO/Director/Owner or other high-ranking official of the victim’s organisation to convince the victim to make an urgent payment to the scammer’s account. Usually applied against larger/structured finance teams.
Happened to me personally few years back. Received an urgent email from my boss asking for a payable’s ledger, which I have forwarded without suspecting anything. A follow up email came a day later, asking for a payment the outstanding due balance of a supplier + an additional invoice with new bank details. This looked suspicious. Upon double-clicking on the sender’s email, I have noticed it was not our company domain. Called the director – he has not requested anything. Potential impact – 80k. If gone undetected, the turnover was £3m.
How to stay safe from Boss Fraud
Use only system details for payment
Double click on the email to make sure it’s from your company domain
Call the boss to verify.
Impersonation: Police/Bank Staff (137.3m stolen value)
The criminal contacts the victim (usually by phone) purporting to be from either the police or the victim’s bank and convinces the victim to make a payment to an account they control.
A construction company owner, well known in the area received an urgent call his “bank fraud team” claiming there was a fraud on his account. Was asked to transfer funds to a “safe” account till the investigation is concluded. Very believable, so he believed it. Called me to arrange a payment. I suspect fraud so called our bank relationship manager for verification. RM said no such request could have come from the bank. Balance on the account – £330k.
Other impersonation (£77.5m stolen value) includes fraudulent approaches from utility company, communications service provider or HMRC/Gov. Common scams include claims that the victim must pay a fictitious fine, pay overdue tax or return an erroneous refund.
How to stay safe from Impersonation
Call from unknown numbers need verification
Contact your bank or an organisation directly using a known email or phone number. Ideally contact the relationship manager you know personally.
Do not give anyone remote access to your computer following a cold call or unsolicited text.
Never give anyone remote access to your computer as the result of a cold call or unsolicited message
Check our explainer vidoe below and get in touch if you need support.
Comments