We’ve all heard about big cyber attacks disrupting IT services across the world, but what about smaller-scale fraud and scams which may only target one business at a time? These exist, and small businesses should be alert. Here are three common types of fraud, and how you can protect your business from them:
Bogus Boss: Emails are not always what they seem. An increasingly prevalent scam, nicknamed ‘Bogus Boss’, occurs when an email arrives with a payment request – usually marked ‘urgent’ – and appears to be from a senior person within your organisation. It is in fact from a fraudster posing as a colleague, with a very convincing replica of an email from your company’s account.
How to protect your business: How can you spot this kind of scam – especially when you are ploughing through hundreds of emails every week? The key is to stay alert and never take things at face value. Email addresses can be altered to make them appear genuine. Have a process in place to verify if the request is genuine or not, for example contacting the sender independently using a number you know and trust, or speaking to them in person.
Invoice redirection: This is where fraudsters pose as a supplier or creditor and tell you that their bank details have changed. This can come via email, letter or over the phone. The instruction asks you to settle all future invoices to a new sort code and account number. But if you do this, funds are paid straight to the fraudster when the next invoice is due and the original debt to the genuine supplier still stands.
How to protect your business: Just as with Bogus Boss, my advice is to question any communication which asks you to do this. Contact your supplier or creditor using the details you hold for them, not those on the letter or email, and check if the request is genuine.
Vishing: This is also known as telephone fraud and happens when a fraudster impersonates your bank over the phone. In most cases, they will have completed research about your organisation and how it operates. They’ll claim there is a problem with your account, attempt to build your trust in them and convince you to disclose confidential information such as PINs and passwords. This information would then be used to transfer money out of your account and into the fraudster’s.
How to protect your business: In this situation, tell the caller that you will call the bank yourself. Then independently find a number for your bank and call as soon as you can, using a different phone line or mobile if possible. Also, make sure that your staff members know not to disclose confidential banking information over the phone. And if you’re ever unsure about the authenticity of a phone call – just hang up.
These are some common types of fraud, but not an exhaustive list. The key things to do are: be alert; be ready to challenge; don’t take things at face value; review your processes to make sure they’re robust; and train staff members to raise their awareness of fraud and scams. And if you ever have any worries, call your bank to discuss.