The recent cyber-attack which disrupted IT services across the globe may have been making headlines – but small businesses also need to be alert to other, smaller-scale fraud and scams. NatWest fraud analyst Sarah Grant talks about staying safe in a fast-paced and increasingly digital world.
In the first few hours of the recent cyber-attack on England’s NHS, a number of big-name companies and government departments in other countries also fell victim to the malicious software.
Europol, the EU’s law enforcement agency, has called the cyber-attack the “largest ransomware attack observed in history”.
But what about smaller frauds and scams that may target only one business, but can be equally devastating to that company? Three of the most common that we are currently seeing focus on emails, invoices – and even your own staff.
Emails are not always what they seem. An increasingly prevalent scam is nicknamed ‘Bogus Boss’. This is where an email arrives with a payment request – usually marked ‘urgent’ – and appearing to be from a senior person within your organisation. In fact it is from a fraudster posing as your colleague, with a very convincing replica of an email from your firm’s account.
How can you spot this kind of scam – especially when you are ploughing through hundreds of emails every week?
The key is to stay alert and never take things at face value. Have a process in place to verify whether the request is genuine, for example by speaking to the sender in person using a trusted contact number. If you are at all suspicious about the request, contact the sender independently to check that they actually sent it. Do not use any contact details for them contained within the email.
Another threat is invoice redirection fraud. This is where fraudsters pose as a supplier or creditor and tell you that their bank details have changed.
This can come via email, letter or over the phone. The instruction asks you to settle all future invoices to a new sort code and account number. But if you do this, funds are paid straight to the fraudster when the next invoice is due and the original debt to the genuine supplier still stands.
Just as with Bogus Boss, my advice is to question any communication which asks you to do this. Contact your supplier or creditor using the details you hold for them, not those on the letter or email, and check if this is genuine. And make sure all staff know of this scam and are on their guard.
Unfortunately though, sometimes your own staff can be the source of a fraud. Insider fraud often starts with small amounts being taken but can then increase along with the confidence of the perpetrator. Look out for:
• An employee having financial difficulty
• Employees who are reluctant to take holidays
• Always staying late or being the first in
• A new member of staff who resigns shortly after joining
• Customer complaints about missing documents
• Changes in an employee’s behaviour/lifestyle/performance
• Suppliers who insist on dealing with the same employee
Make sure that you always validate employees’ right to work, qualifications, references and criminal records. Control access to your building and systems with unique IDs and passwords, restrict and monitor access to sensitive information, implement a joiner/leaver process, and always reconcile statements. And as the leader in your business, set a zero-tolerance approach to fraud for all staff, regardless of role, grade and length of service.
To find out about the latest developments in fighting fraud, we recommend that you regularly visit the Financial Fraud Action’s website: