This morning I received 3 emails from one of my clients asking if I can process an urgent payment for them. Of course I know that this client would never ask me to do this by email and these emails are an obvious scam attempt. However, I know of cases where people have been taken in and have lost significant sums of money. How can this happen? You think your organisation could never be a victim of a scam! Think again! Scammers are clever and are using increasingly sophisticated techniques to separate you from your hard-earned cash.
Here are some examples of recent frauds:
- The Bogus Boss Fraud. Similar to the emails I received today, the scammer will typically view a company’s web site and identify A) someone in authority, typically the CEO, and B) someone in accounting who may be responsible for payments. An email designed to look like the real thing will then be sent from A to B, requesting that an urgent payment be made to XYZ Ltd. On hitting reply it is clear the email address is bogus, but the scammer is relying on this not being noticed and the employee going along with a reasonable-looking request. Last year £32m was reported lost through this fraud alone, with the largest single loss being £18.5m, and you think you’re having a bad day!
- Supplier Payment Diversion. This fraud is similar to the above, but here the email comes from one of the company’s suppliers, usually requesting that, due to a change in banking arrangements, payment is made to a new bank account.
- HMRC refund scam. Victims have received phishing emails/texts purporting to be from HMRC about tax rebates. After victims either download a file attached to the emails or click on a link, their devices are infected with malware which locks the computer and demands a ransom.
- Bogus Bailiff. Here the company gets a call saying bailiffs have been instructed to enforce a judgment, usually for a small amount. Enforcement action can be avoided by paying the amount in dispute immediately.
- Banking Phishing. Almost all businesses now use some form of online banking. Fraudsters will send an email purporting to be from your bank asking you to verify your account details. Beware, banks just do not do this.
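The Bogus Boss emails described above give themselves away in the headers: the reply goes to an address that does not belong to the apparent sender. The following is an added example, not part of the original post, showing how a mail filter or a curious recipient could check for that; the company domain, executive name, keyword list and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration only: the company's mail domain, the names of
# senior staff shown on its web site, and a short list of payment wording.
COMPANY_DOMAIN = "example.co.uk"
EXECUTIVE_NAMES = {"jane smith"}
PAYMENT_WORDS = ("urgent", "payment", "transfer", "bank account")

def _domain(address):
    """Return the lower-cased part after the last '@' ('' for an empty address)."""
    return address.rpartition("@")[2].lower()

def bogus_boss_indicators(raw_message):
    """Return a list of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    findings = []
    # Replies would go somewhere other than the apparent sender's domain.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        findings.append("reply-to-domain-differs")
    # A known executive's name is attached to an address outside the company.
    if from_name.strip().lower() in EXECUTIVE_NAMES and _domain(from_addr) != COMPANY_DOMAIN:
        findings.append("executive-name-external-address")
    # Payment wording only matters once a header already looks wrong.
    if findings and any(word in text for word in PAYMENT_WORDS):
        findings.append("payment-request-wording")
    return findings

# Constructed sample messages (not real traffic).
SAMPLE_SPOOFED = """\
From: Jane Smith <jane.smith@example.co.uk>
Reply-To: Jane Smith <jane.smith@examp1e-mail.test>
To: accounts@example.co.uk
Subject: Urgent payment

Please pay XYZ Ltd today.
"""
SAMPLE_GENUINE = """\
From: Jane Smith <jane.smith@example.co.uk>
To: accounts@example.co.uk
Subject: Board meeting agenda

Agenda attached.
"""

if __name__ == "__main__":
    for name, sample in (("spoofed", SAMPLE_SPOOFED), ("genuine", SAMPLE_GENUINE)):
        print(name, bogus_boss_indicators(sample))
```

A message with no findings is not proof that it is genuine, so the payment policy below still applies.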
There are a number of safeguards a company can employ to protect itself, but some very common-sense steps are the most effective:
- Make sure staff are aware of the risk of fraud and have a policy in place that payments are never to be made purely on the basis of an email instruction.
- Verify any requests from a supplier to make payments to a new bank account.
- Do not write down access codes and passwords.
- Have a dual process for payments. Have a different person authorise online payments from the person who inputs the payment.
- Keep details of personnel involved in the payment process off your web site.