Fraud against the consumer is usually what makes the headlines. But the loss per fraud for businesses is typically significantly higher because fraudsters know businesses are more lucrative targets. Despite increased security measures, they will continue to try to exploit weaknesses in how a business operates.
Four of the main ways that a fraudster will attack your business are:

Account Takeover (ATO) Fraud

As the name suggests, fraudsters try to gain access to the victim’s bank account(s). Here, they convince the victim to provide or steal necessary credentials to accomplish this, allowing them to control the account remotely through the internet, telephone or mobile banking methods.

Protect your business from ATO fraud:

• Never give out financial account details to anyone that calls in or sends an email to request them. A genuine bank or financial payment provider will never ask you for them.
• Train your staff to prevent phishing and vishing attacks. It is essential to ensure they know what to look for to spot a fake email, never click on links from unexpected emails, and are confident enough to question any request for financial account details.
• Take IT security seriously. Ensure you have security and anti-virus software installed and are always up to date.
• Always question unexpected requests for access to IT devices, even when they say they are from a trusted organisation. Always confirm unexpected visits and calls with the company’s offices using a trusted contact number.
• Never assume that because a caller knows details about you (such as your mother’s maiden name, date of birth, school you attended) that they are genuine. Often this information can be gained from social media by a determined fraudster.

Supplier Invoice Fraud

This is the most prevalent and accounting for nearly half of all fraud attempts against businesses in the UK in 2021. The invoice being paid is usually genuine, but the fraudsters intervene to convince the business to make the payment to an account under their control, often by way of them compromising an email account. This is a favourite method of attempted fraud, as criminals take advantage of businesses making genuine high-value payments more often, making it more challenging to identify and prevent fraudulent payments.

Protect your business from supplier invoice fraud:

• Always confirm any bank account details with the company you are paying using a trusted telephone contact number.
• Never trust any contact details received by email. Fraudsters may have accessed that company’s email account or intercepted and altered a genuine email before sending it to you from a spoofed email address.
• If paying to a new account for the first time, consider making a small payment before confirming it has arrived using a trusted telephone contact number.

CEO Fraud

Here, the fraudsters attempt to impersonate the CEO or other senior manager in a firm and then convince the victim, often a junior employee, to make an urgent and immediate payment to an account controlled by the fraudster. This is usually done by accessing or spoofing the firm’s email system, relying on the supposed requestor’s seniority, tone and urgency to motivate the victim into acting without caution.

Protect your business from CEO fraud:

• Be alert for any unexpected requests for urgent bank transfers, no matter who makes the request or how the request is made. Communicate to all staff that these requests should raise a red flag.
• Immediately confirm any unusual payment requests in person or using a trusted contact number. Never rely on contact details supplied with the request. And if the senior manager is busy, wait to make the payment. If they have been in a meeting all morning, how have they just sent you an email?
• Put a documented procedure for all staff to refer to when authorising and making payments, signed off by senior management. And then be suspicious of requests supposedly by those managers that fall outside these processes.

Business Email Compromise (BEC)

Strictly speaking, this is not a fraud type, but as can be seen above is one of the primary methods that fraudsters use to facilitate fraud. In the digital world that we live in, email remains the main method of communication, with employees receiving over 120 emails each day on average. That’s an email every four minutes, so fraudsters rely on this to generate complacency and a sense of “automatic reaction” when an email arrives. If an email comes in from a supplier that is known, trusted and has already sent in 5 emails today alone, it means that the fact they are now providing new bank account details means it must be genuine. Isn’t it?

Protect your business from a BEC:

• Ensure your employees receive regular training on email phishing, security and use. It only takes one successful compromise to lead to significant fraud losses.
• Have clear policies and procedures available for reference when making financial payments.
• Ensure that all email accounts are protected using two-factor authentication.
• Take email security seriously. There are many providers of software that can filter out malicious emails. These can be provided for businesses of all sizes. If your business already has email security in place, keep it updated.

Fraud is a threat to everyone, and the team at Ebury are here to help our customers protect themselves from its effects. If you need any advice on any fraud-related issues, contact us at [email protected] .