Procurement 26 April 2016

Fraud lessons: 12 ways to protect your business from email scams

With cyber criminals increasingly impersonating executives, suppliers and employees to try to defraud small business owners by email, Tony Anscombe, from AVG Business, explains how to avoid falling for their tricks.

In the UK, Cifas, a not-for-profit organisation helping protect businesses, charities, public bodies and individuals from financial crime, says this type of email fraud is on the rise, especially for small businesses: 749 small firm owners reported falling victim to such scams to Action Fraud between January and June 2015 alone. In comparison, there were 603 in the whole of 2014 and 739 in 2013.

Small businesses are prime targets

Simon Dukes, the chief executive of Cifas, said: "Fraudsters often take advantage of organisations with less resources and less staff, leaving small businesses more vulnerable to fraud. We know greater awareness is a powerful tool in fraud prevention and we urge small businesses to stay alert and to ensure their employees are aware of invoice fraud too."

However, any business using email to discuss and execute payments, even if only in part, is at risk. This is why a strict payment verification process is needed and robust IT security measures must be in place. Business owners transferring money regularly or working with foreign partners are prime targets because they might be less likely to think any request to transfer money is out of the ordinary.

If wiring 10,000 to a supplier overseas is how you normally do business, an email purporting to be from them asking for a similar amount in reference to what looks like an authentic invoice might not raise an eyebrow.

Head of Action Fraud, Pauline Smith, said: "It is important that employees are made aware of invoice scams and are ready to recognise the signs of fraud. Incidents of invoice fraud are underreported and therefore it is difficult to know the true scale of this fraud type, however what we do know is that this type of fraud prevails across all types of business and no one type of industry is immune. Those organisations that are worried they may have fallen victim to fraudsters should always report to Action Fraud."

From a payment processing and awareness perspective, the FBI suggests:

(1) Verify any changes to your vendors' payment locations and confirm any requests for transfer of funds

(2) Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked

(3) Be careful when posting financial and personnel information to social media and company websites

(4) Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly

(5) Consider financial security procedures that include a two-step verification process for wire transfer payments

(6) Create intrusion detection system rules that flag emails with extensions that are similar to company email but not exactly the same. For example, .co instead of .com

(7) If possible, register all Internet domains that are slightly different than the actual company domain

(8) Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes
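
One way to implement the check in item (6), as an added example that is not code from the article or the FBI guidance: a sender-domain classifier a mail filter could call on each From: header. The company domain `example-widgets.com`, the character-swap list and the distance threshold of 2 are assumptions for illustration.

```python
from email.utils import parseaddr

COMPANY_DOMAIN = "example-widgets.com"  # placeholder domain, not from the article

def fold(domain):
    """Collapse common look-alike character swaps before comparing."""
    for fake, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")):
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Edit distance counting an adjacent-letter swap as a single edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify(from_header, company=COMPANY_DOMAIN):
    """Return 'internal', 'lookalike' or 'external' for a From: header."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    if domain == company or domain.endswith("." + company):
        return "internal"
    brand = company.split(".")[0]
    # Same name after undoing character swaps, or the brand label reused
    # under another suffix or parent domain (.co instead of .com).
    if fold(domain) == fold(company) or fold(brand) in fold(domain):
        return "lookalike"
    # Near misses: a dropped, added, changed or swapped letter.
    # A threshold of 2 suits long names; short domains need 1 to limit noise.
    if edit_distance(fold(domain), fold(company)) <= 2:
        return "lookalike"
    return "external"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Jane Doe <jane@example-widgets.com>",
    "Jane Doe <jane@example-widgets.co>",
    "Jane Doe <jane@exarnple-widgets.com>",
    "Accounts <ap@exmaple-widgets.com>",
    "Supplier <sales@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):9}  {header}")
```

Messages classified as `lookalike` are candidates for quarantine or a warning banner; the same function run over a list of candidate names also shows which variants are worth registering under item (7).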

From a security perspective, do the following:

