1. Email fraud
Whether it's phishing emails targeted at stealing corporate information, 'spoof' emails sent by your business to customers or rogue messages delivered to you from suppliers, email fraud costs businesses big.
Action Fraud is currently seeing a huge increase in fake invoice scams with 749 businesses reporting them in January to June 2015, compared to a total of 603 in 2014. Emails are often received from 'suppliers' asking for their account details to be changed, fooling innocent employees into doing so and sending payments to criminals.
How to avoid Email Fraud
Encouraging employees to be naturally suspicious is one simple yet very effective way to combat email fraud. Questioning each request for payment or an information change, can soon weed out fakes.
The Royal Bank of Scotland Fraud team recommends having a specific documented process to list known valid phone numbers to check authenticity:
“Any requests outside of that procedure, especially if received by email, should be regarded as suspicious,” advises the Fraud team. “If this is the case, contact should be made with the person sending the email verbally, using a known contact number from their internal records, to confirm the request.”
Even just encouraging employees, suppliers and customers to create strong passwords for their accounts can help as a first wall of protection.
The Royal Bank of Scotland Fraud team also describes the process of a common email scam:
- A member of the finance team receives an email which appears to have originated from a senior executive within their own organisation
- The email asks the recipient to make an urgent payment to a specified beneficiary, bypassing normal procedures because of exceptional circumstances, e.g. on the pretext that an early payment discount will be missed if funds are not remitted immediately
- In reality, the fraudster has spoofed the email address of the executive. If the request is not independently verified, then the company risks paying funds directly in to the criminal's bank account
“Please treat with caution any unexpected emails that request urgent bank transfers, even if the message appears to have originated from within your own organisation,” the team says. “Contact the executive directly to confirm that they did indeed send the instruction.”
2. Land or property fraud
One lesser known but potentially serious issue is the risk of someone stealing and selling a building you own or the land it is built on.
The property could also be used to fraudulently apply for a mortgage. Due to the monetary values involved it can be an attractive and easy target.
The Land Registry says the issue is on the increase and since September 2009, it has prevented cases worth £70m.
How to avoid Land or Property Fraud
Following a six-month pilot, the Land Registry now allows businesses to fill out a form and place a restriction on the title of its properties to stop anyone else registering fake details about them without their knowledge.
Companies can also sign up for property alerts from the Land Registry to instantly warn them if anything suspicious happens.
3. Data breaches
Despite huge media interest around big data breaches, research shows 52% of Britain's SMEs are not taking any preventative measures.
The figures from identity protection and fraud detection solution CSID also suggest that two thirds do not have a disaster recovery or business continuity plan in place, while 85% do not have plans to increase budgets for such measures.
This is despite recent findings from PWC showing an average cyber security breach costs between £75,000 and £311,000.
How to avoid a data breach
Data breaches can happen through unsecure employee smartphones or tablets being lost or stolen; employees having passwords hacked or insufficient third party security software being installed. Such software should be regularly monitored and automatically patched with manufacturer updates.
A Bring Your Own Device policy is key to preventing unauthorised data leakage and CSID advises having a breach preparedness plan in place. CSID also says an honest and fast declaration of a problem reduces the cost of breach reparation while avoiding damage to customers.
4. Reputation damage
In today's online world, reputation matters. But it can be destroyed in an instant thanks to fake reviews, false social media accounts or corporate identity theft.
Companies House deals with 50 to 100 cases of the latter each month, due to unauthorised changes to a registered office address or officers' personal details. This can then become the impetus for further fraud such as loan applications.
How to avoid Reputation Damage
Registering the right domain name, Facebook page and Twitter account can ensure your company brand is not faked by others in order to steal money, customers or hit your reputation.
Policies should also be implemented to ensure employees manage company and personal social media accounts responsibly. Subscribing to social media monitoring systems such as Hootsuite can highlight problems as they arise by registering keyword searches.
5. Employee Fraud
According to Cifas, recorded internal frauds rose by 18% in 2014. These included theft of data by staff, fraud committed by employees on customer accounts, employee application fraud or false expense claims. All leave a company at risk of direct financial loss, fines or even legal action.
“Fraud is not just about remote attacks – some of the most dangerous threats can come from within,” Simon Dukes, cifas chief executive, says. “Internal fraud costs huge amounts in money, reputation and employee morale.”
How to avoid Employee Fraud
Rachael Tiffen, head of the CIPFA Counter Fraud Centre, suggests a zero tolerance anti-fraud policy from the top down is key to preventing this happening, while escalating strong paper and electronic processes and regular auditing can help businesses quickly identify issues.
- They say prevention is better than cure and in the case of business scams, this couldn't be truer. The Metropolitan Police has prepared a guide full of useful tips and guidance which should make interesting and important reading for businesses of all shapes and sizes.
- Also, Cifas maintains a national database allowing member companies to share confirmed fraud to prevent it happening to others. In 2014, this prevented £1bn of losses.
This article was first published on RBS Business Sense. You can read it here.