Welcome to the second instalment of our blog series with Superfast IT. There are many types of financial fraud that small businesses need to be aware of. In this blog post we highlight seven types of financial fraud and how to spot the signs of a scam.
Financial fraud occurs when money is stolen through deception, misleading or illegal practices. There are several types of financial fraud that West Midlands businesses commonly face:
- Fraudulent Loans
- Banking Fraud
- Compromised IT
- CEO Fraud
- Impersonation Fraud
- Investment scam
- Invoice scam
When applying for a loan, businesses should always work with a reputable lender. However, there are bogus companies offering fraudulent business loans. These often have a website, claiming to operate on behalf of the UK Government.
The fraudsters cold call businesses and individuals offering the loan and victims are directed to complete an online application form. Once the personal information has been submitted, the victims are contacted and congratulated on being accepted to receive the money.
Applicants are then asked to provide identification and are instructed to get a pre-paid card to deposit their own contribution to the fake account. Prepaid cards can be used in a similar way to credit cards, except the funds on a prepaid card are loaded on prior to spending.
Fraudsters contact the victims by phone or email to ask for the details of their pre-paid card and copies of statements in order for them to receive the funds. Of course, the funds are never given by the fraudsters and the money that’s been loaded onto the card by the victim is stolen.
How to spot a fraudulent loan
A legitimate loan provider would never expect to receive an upfront payment in return for the loan.
Banking fraud is when criminals get hold of a business’s bank account details and make unauthorised money transfers. For example, they may send you a text message, email or call you pretending to be from your own bank and warning you about ‘suspicious activity’ on your account. They ask you to respond to the message with some account/security details to verify your identity. This will actually reveal your identity and give them access to your bank account. Often, these scams can be very convincing, so it is always worthwhile erring on the side of caution by not providing any details. You can then call your bank using contact details listed on their website which you know are genuine.
How to spot banking fraud
- Business’s account details have changed, and you may not be able to access your account.
- New payees, direct debits and standing orders have been set up on your business’s bank account that you didn’t authorise.
- You have given up your bank details in urgency – a tactic often used to cause a knee-jerk reaction.
IT systems are most commonly compromised when an employee receives a scam email and innocently downloads a zip file or clicks on a bad link. This can cause a bug or ‘back-door’ into your IT that could be used to monitor what you are doing and access your emails. The back-door can go unnoticed for months and lead to ransomware eventually being deployed or financial fraud taking place.
For example, emails from your finance department are automatically diverted/forwarded to a criminal. The criminal then responds back to your clients with a change in payment details from your email account. The new payment is made directly to the criminal instead of your business.
How to spot compromised IT Infrastructure
- Expected payments haven’t arrived in your bank.
- Your IT department’s has proactive IT monitoring and spots an irregularity that can be isolated and tested.
- Your IT department regularly audits emails and spots an unauthorised forwarding rule.
Who hasn’t received a CEO scam email? They are very common. A CEO spoof could come in the form of an email, text, or call. This is where a criminal impersonates your boss or a senior manager to either change payment details for a supplier/contract or to make an urgent payment. For example, a member of the finance team receives what looks like a genuine email from a senior manager to make a new payment.
It is worth noting that criminals may target businesses over several months, building a picture of your company and the team members that authorise payments.
How to spot a CEO scam
- The sender’s address is not your boss’ email address. It is trickier to spot this scam if your boss’ email account has been hacked. They may not even realise they have been hacked until they check their sent items. This is where cybersecurity measures such as email filtering can prevent the email from ever entering your inbox.
- You’re asked to urgently process an out-of-the-ordinary payment by your CEO, boss or a senior manager.
- The language used in the email isn’t consistent with that of the purported sender.
- You’re asked to change the bank details of an existing supplier on your system.
- Senior leader says they are only available in email, and payment is urgent.
HMRC, Microsoft, Amazon, Google, WhatsApp, NHS – these are all well-known brands that are commonly impersonated. Impersonation fraud is when you are convinced to make a payment or give your business’ financial details to someone claiming to be from an organisation that you trust.
They could use call, text, or email about tax rebates, Covid related scams, delivery charges, software updates, unauthorised logins, or urgent updates.
How to spot an impersonation scam
- You receive an urgent request, out of the blue, to make payment or provide business’ financial information.
- A message insists that you act immediately for a claim, for example, ‘payments need to be verified’ or, ‘a pending tax refund’.
- You are unexpectedly asked to download software to your computer.
- The sender’s email address domain is different to that of the genuine organisation.
An investment scam promises a high return with little to no risk. Money is moved to a fictitious fund to pay for the fake investment. It is often done through a cold caller who pressures you to act quickly, claiming there is limited time to invest. Anyone who is known to make investments, is at a higher risk of being targeted with an investment scam.
How to spot an investment scam
- You are contacted out of the blue by phone, email, or social media platform from a broker about a one-off investment opportunity – much like the movie Wolf of Wall Street!
- There is pressure to make a quick decision with no time to consider the investment or do research.
- You are offered a high return on your investment with little to no risk.
- You are told the investment opportunity is exclusive to you and your business.
- It sounds too good to be true
Invoice scams take place when a criminal poses as a supplier and you are asked to change the supplier’s bank account details. Thereafter, when the supplier is paid, it is paid to the criminal’s account rather than the supplier’s. Alternatively, a fake invoice could make it into your inbox unnoticed and end up being paid without question.
Criminals carry out extensive research about your business to find out who your suppliers are and when regular payments are due. Criminals may target busy payment periods – payroll weeks, end of tax year, Christmas – to slip under the radar.
Invoice fraud is often only discovered when chasing a non-payment. At that point, recovery of the funds from the fraudulent account is very difficult.
How to spot an invoice and mandate scam?
- Out of ordinary request from an existing supplier to change bank details.
- Receiving more frequent or duplicate invoices.
Spotting signs of a scam is important to considerably reduce your risk of falling victim to financial fraud. Remember, if you are ever unsure if an organisation is genuine, you can refer back to this blog post or get a second opinion from someone you trust.
Stay tuned for the next blog which will detail some principles to follow to protect your business from financial fraud.
In the meantime, follow BCRS Business Loans and Superfast IT on social media