In today’s world, online versions of fraud are becoming more common. Small businesses must be careful not to fall victim to cyber thieves. In our business, we use cutting-edge technology, systems and compliance to try protect ourselves from potential cyber fraud. This is essential as the security of our clients’ funds are of paramount importance to us. However, there are many easy checks any small business can use to try and prevent any potential cases of cyber fraud.
Keep your eyes peeled and stay in the loop
The first precaution you can take is relatively simple: Stay informed.
Whether you are in the construction industry or fintech, no business is exempt from cybercrime. The easiest way to protect your business is to stay informed.
Most industry bodies, irrelevant of sector, will discuss common topical happenings specific to that industry. Try keep an ear to the ground to know what may be affecting your competitors and colleagues.
Knowledge is power in these circumstances and the more we learn the better we can all protect ourselves.
Since cyber fraud is constantly changing and evolving, what you learn this month may be out of date next month, or even next week, so be sure to stay up to date.
If you can’t attend industry meetings, many of your peers will be more than willing to share the agenda and notes after the meeting. All you have to do is ask.
Understanding CEO fraud
The two most common types of cyber fraud affecting small businesses today are CEO and invoicing fraud.
CEO fraud is when an email is sent from the CEO, or someone high up, to an employee within the same organisation. The email is generally for an urgent payment that needs to be actioned as soon as possible.
The wording will be similar to what the said employee would expect from their CEO or superior. These emails will generally be sent to the department that deals with refunds or requests of this sort.
When the employee opens the email, and sees an urgent request from their superior they are likely to prioritise the request and make payment as soon as possible.
Requests from superiors are generally not questioned and are simply actioned.
What the employee isn’t aware of is that the request has originated from outside the organisation, or even worse, the CEO’s internal email has been compromised.
Once the payment has been actioned, the CEO is none the wiser and has no idea the request even exists. Once the payment has been made and is cleared the fraudster generally withdraws or wires the funds immediately, leaving an empty dummy account.
It is exceptionally difficult, if not impossible, to reclaim the funds in these cases. Unlike fraudulent credit card purchases, an EFT or bank transfer is far more difficult to undo.
In the UK, GBP-GBP same day payments are generally done via faster payments. In these cases, the funds clear virtually instantly, leaving the business little time to rectify or notice the issue.
So how do you safeguard against it?
A simple, yet effective way to avoid CEO fraud is via dual-authorisation within your banking system. Just having a second set of eyes overlooking the request and subsequent payment could prevent fraud.
Not all businesses have sufficient resources to allow for this. A simple method to avoid CEO fraud could be instating a company policy requiring that all payments to new bank accounts are verified with the sender of the request via another channel.
Most companies have internal messaging systems which are more difficult to compromise, such as Skype for Business, Yammer and Slack. Use these platforms, as opposed to email, to verify the authenticity of a new payment request.
Having this policy would mean the employee receiving the request would simply message the CEO via another means of communication, apart from replying to the email, to confirm the payment request.
Provided this has buy-in from senior management, and staff aren’t made to feel like they are second guessing themselves, this can be virtually foolproof in avoiding CEO fraud.
Understanding invoice fraud
The second most common type of fraud affecting small businesses is invoice fraud. It’s not dissimilar to CEO fraud and often occurs when a supplier emails you an invoice with updated bank details.
The invoice will generally be one you are expecting and all that has been amended are the bank details. Either the supplier’s email has been compromised or, as in the case with CEO fraud, the email is just made to look legitimate.
As a good client, you settle accordingly, and only a while later when your supplier is chasing you for payment do you realise you have sent funds to a fraudulent account.
So how do you safeguard against it?
Simply calling your supplier and double-checking their details have changed should be enough to prevent financial loss. I would recommend informing your suppliers that any change in bank details will need to be verified prior to any payment being made.
Most suppliers will be happy to have a client verify these changes, as in cases of this type of fraud, it is a grey area in terms of where the liability would inevitably fall.
Is the supplier liable or is the client? Simply checking and giving the manager at your supplier a ring should mitigate the risk of this happening to your business.
Don’t forget to report fraudsters
If you detect a potential, or actual, case of fraud the particulars should always be reported to the relevant authorities. Send these details to your banking partners as well, so they are able to flag the “dummy” account details.
While this may not result in you being able to reclaim your funds, it will help protect other institutions from the same scam.
Staying up-to-date is of paramount importance when protecting both your business and your clients from fraudsters. Keep your staff and industry peers in the loop about developments like these for a better chance of protecting your businesses.
We are a professional services company that specialises in cross-border financial and immigration advice and solutions.
Our teams in the UK, South Africa and Australia can ensure that when you decide to move overseas, invest offshore or expand your business internationally, you'll do so with the backing of experienced local experts.