Tax & admin · 17 September 2018

How cyber criminals swindled 77m out of small businesses last year

The fraudster’s typical route of attack is to contact an employee via email
Small business owners lost 77m last year after cyber-criminals tricked them into making fraudulent payments, according to new figures.

New data from audit, tax and consulting firm RSM and Action Fraud, the UK’s national fraud and cyber-crime reporting centre, revealed that business owners submitted over 3, 451 reports about so-called mandate fraud in 2017-18. That is up 123% on the previous year’s figures.

The average amount lost by each business was 22, 500, 8% higher than the year before.

Akhlaq Ahmed, forensic partner at RSM said mandate fraud occurs when an employee is tricked into changing a regular payment mandate such as a direct debit, standing order or bank transfer and redirecting it into a fraudster’s account.

The fraudster’s typical route of attack is to contact an employee via email pretending to be from a supplier that receives regular payments. These approaches can sometimes seem plausible, added Ahmed, because the fraudsters have correct details of staff members? names and departments obtained from phishing attacks.

Fraud stories


Business fraud stories from two burned small businesses

With new research suggesting business fraud awareness is stagnating, two small company owners share their experiences of being stung by swindlers.


The bogus supplier will then explain that as they have changed banks, the standing order will need to be updated with the new account details.

“The doubling of losses from mandate fraud over the last year should be a cause for concern for all businesses. Far too many businesses are falling victim to mandate fraud. In some cases, the losses are relatively small, in others they can run into hundreds of thousands of pounds, potentially putting the future viability of the business at risk, said Ahmed.

“Businesses must ensure their accounts staff are trained to recognise the hallmarks of a mandate fraud attempt. With the right training and controls in place, there’s no reason why these frauds should be successful.”



Tax & admin