For our third blog of our financial fraud series, we wanted to address principles you can follow to protect your business from falling victim to financial fraud.
Fraudsters often use the internet to commit crimes. It means they can be located anywhere in the world, and this makes it hard to track and arrest the perpetrators. Traditional policing investigation models are not effective because of the high volume and due to criminals not always being UK-based. Therefore, the best advice to businesses is to put preventative measures in place.
How West Midlands businesses prevent becoming victim to financial fraud?
There are three simple steps in the Governments ‘Take 5’ fraud awareness campaign; Stop, Challenge, Protect:
- STOP: Taking a moment to stop and think before parting with your money or information could keep you safe.
- CHALLENGE: Could it be fake? It’s OK to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
- PROTECT: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.
Small Business Fraud Prevention
The ‘Take 5’ fraud awareness campaign provide a great overview. There are also a number of other tactics any small or medium sized business can do to prevent financial fraud:
- Check lenders on the Financial Conduct Authority’s register
- Don’t be afraid to say no.
- Robust processes and culture
- Verification using trusted contact details
- Verification – in person, phone, email
- Test payment
- Train staff to spot a scam
- Caution – what and who you share with
- Don’t overshare online
- Don’t allow remote access
- Online banking checks
- Check bank statements
- Log out
- Emails – Two Factor Authentication (2FA)
- Avoid email links and attachments
- Use authorised sellers
- ‘Too good to be true’
- Use secure online payment methods
- Check out online reviews
Check lenders on the Financial Conduct Authority’s register
To avoid falling victim to Fraudulent Government Loans, check the Financial Conduct Authority’s register for regulated firms, individuals and bodies. You can check their website is genuine by checking their web address. It should always begin with fca.org.uk or register.fca.org.uk. Ensure you only use the contact details listed on the Register to confirm you’re dealing with the genuine firm before parting with your money and information.
Don’t be afraid to say no
While we won’t want to appear rude, it is OK to say:
‘I can’t at the moment’, ‘let me verify that’ or ‘I will get back to you’.
Robust processes and culture
- Create a robust payment process that everyone follows, without exception. Even when a financial controller is on annual leave, the same robust measures must be followed. Train staff to follow the process and keep team members aware of process changes.
- Ensure employees feel comfortable approaching senior staff to verify payment requests and are aware of the types of requests they should be expecting.
- Don’t step outside your usual payment method, even if it’s urgent.
- Get senior staff approval on payment details before sending money to a new contact for the first time.
- Be wary of unexpected emails or letters requesting urgent payment, even if it appears to be from someone in your own business.
- Where possible, send remittance advices to suppliers once an invoice has been paid.
Verification using trusted contact details
Verification can help to prevent financial fraud. However, this comes with caution. When face-to-face can’t be done, such as calling a supplier, client, or bank – only use a trusted telephone number or email address. Do not use the contact details found within suspicious letters, emails, texts, or the phone number you were called from.
The contact details in scam communications will be the criminals contact details. Use contact details saved in your CRM or Google search the company to find their legitimate contact details from an official source – i.e., their website.
Verification – in person, phone, email
- Be wary of anyone who calls on behalf of a supplier. If there is a request to change their payment details, verify this by calling back using a trusted number.
- If a boss requests an urgent payment, also get their verbal verification (ideally in person).
- Confirm all urgent payment requests and verify directly with the sender, ideally in person or over the phone.
- For large payments, first complete a small ‘test payment’. Confirm that payment has been received before transferring the rest of the payment.
- Do a ‘test payment’ when paying a supplier for the first time too. Transfer a small amount first and check payment has been received directly by the company.
Train staff to spot a scam
- Educate and update employees on the latest threats. Cyber awareness training is recommended to continuously train team members about new finance fraud and cybercriminal scams.
- Ensure that all staff who process supplier invoices check for irregularities in supplier details (sort-code, account number and amount/s) including changes to supplier names and addresses and changes to invoiced amounts.
Caution – what and who you share with
Think twice before confirming your bank, financial and IT administrator details. Always verify their identity before sharing your details. Call or email using a trusted contact details.
Don’t overshare online
Be careful of the type of information you share online. Personal accounts that announce when you’re abroad, reveal your mother’s maiden name, you and your children’s date of birth and pet’s names can be used to get to know you, guess your passwords and sound legitimate.
Companies House and your website can also reveal information about genuine suppliers that can then be used by criminals too.
Don’t allow remote access
Don’t give anyone remote access to your computer following a cold call or an unsolicited text or email.
Online banking checks
- Be wary of unexpected or suspicious looking pop-ups that appear during your online banking session.
- Check your online business banking security options for your business’s bank account.
Check bank statements
- Check your business’s bank statements carefully. All suspicious debits should be reported to your bank immediately.
- Check your bank or building society’s website for advice on how you can make your account more secure.
- Always ensure you click ‘log out’ or ‘sign out’ of websites.
IT, infrastructure, and emails
Emails – Two Factor Authentication (2FA)
To prevent emails being hacked, always set up 2FA. This means when you log in, you will also be sent a text message to confirm your identity. This feature is free to all Office 365 subscribers – contact your IT department if this hasn’t already been activated.
Avoid email links and attachments
Avoid clicking on links or attachments within emails or texts. This is how most cyber and fraudulent criminals gain access to a business’ IT.
How do I check a company’s authenticity?
Use authorised sellers
Purchase items made by a major brand from the list of authorised sellers listed on their official website and ensure you receive proof of purchase.
‘Too good to be true’
Be suspicious of any “too good to be true” offers or prices.
Use secure online payment methods
Use the secure payment methods recommended by reputable online retailers and auction sites.
Check out online reviews
Do your research before making any purchases by reading online reviews.
We support the ‘Take Five to Stop Fraud’ campaign, encouraging not only our team, but also our suppliers and clients to stop and challenge suspicious activity.
To help you stay safe from fraud and scams, we adopt the tactics covered in our previous blog posts which you can find here:
- Superfast IT and BCRS Business Loans Team Up to Help Prevent Financial Fraud in the West Midlands
- What types of financial fraud small businesses need to be aware of
Come back soon to find out what to do if your business falls victim to financial fraud.
In the meantime, follow BCRS Business Loans and Superfast IT on social media.