Insurance · 21 October 2015

whaling? fraud reaches small firms Here’s how to protect your business

"Whaling" fraud is becoming a "big problem",  especially for small companies
“Whaling” fraud is becoming a “big problem”, especially for small companies
Small firms have been targeted by a scam dubbed whaling” fraud in recent weeks, losing sums of between 10, 000 and 20, 000 as a result.

Financial Fraud Action UK (FFA UK) said there had been a particular rise in the scam over the past few weeks and warned office staff to be wary of fake emails that appear to come from one of their bosses telling them to transfer money.

It has been called whaling? fraud due to its nature of targeting the big fish of the company, rather than phishing, which tends to be aimed at lots of smaller fry.

While earlier examples had seen bigger firms like US tech company UbiquitI Networks lose $47m, the fraud has now reached smaller companies too.

Ben Johnson, chief security strategist at Bit 9, said the scams were widespread, while the fraudsters behind them were targeting both large and small companies.

it’s becoming a big problem, especially for small companies that do not have the bodies to look into all the emails.

He added that while the bad guys might only be after $100, 000, but for a smaller company that’s a lot of money.

The pattern has seen staff in a business’s finance department receive an email, which they believe to be from a senior manager. It appears genuine as the culprits use special software to make the message seem legitimate, mimicking the characteristics of an email, including the sender address. It appears in the recipient’s inbox in exactly the same way a regular email from the same contact would do.

The emails tend to request urgent payments be made outside of normal procedures usually for a time-sensitive necessity, like securing a contract, which the CEO or business owner can’t complete as they are out of the office.

When employees transfer the money though, it goes into an account set up by the fraudsters.

Katy Worobec, director of FFA UK, warned that while an urgent request from the boss might naturally prompt a swift response, it should in fact be a warning sign of a potential scam.

It’s important for businesses to be alert? as fraudsters will do all they can to make these scam emails look genuine.

If you are concerned about your business or your employees being targets, the FFA UK has advised making sure to follow the below steps.

Advice on avoiding this scam:

(1) Always check unusual payment requests directly preferably in person, or by phone

(2) Don’t use contact details provided on such emails



Rebecca is a reporter for Business Advice. Prior to this, she worked with a range of tech, advertising, media and digital clients at Propeller PR and did freelance work for The Telegraph.

From the top