Tax & admin ยท 17 September 2018

How cyber criminals swindled ?77m out of small businesses last year

The fraudster?s typical route of attack is to contact an employee via email
Small business owners lost ?77m last year after cyber-criminals tricked them into making fraudulent payments, according to new figures.

New data from audit, tax and consulting firm RSM and Action Fraud, the UK?s national fraud and cyber-crime reporting centre, revealed that business owners submitted over 3,451 reports about so-called mandate fraud in 2017-18. That is up 123% on the previous year?s figures.

The average amount lost by each business was ?22,500, 8% higher than the year before.

Akhlaq Ahmed, forensic partner at RSM said mandate fraud occurs when an employee is tricked into changing a regular payment mandate such as a direct debit, standing order or bank transfer and redirecting it into a fraudster?s account.

The fraudster?s typical route of attack is to contact an employee via email pretending to be from a supplier that receives regular payments. These approaches can sometimes seem plausible, added Ahmed, because the fraudsters have correct details of staff members? names and departments obtained from phishing attacks.

Fraud stories


Business fraud stories from two burned small businesses

With new research suggesting business fraud awareness is stagnating, two small company owners share their experiences of being stung by swindlers.


The bogus supplier will then explain that as they have changed banks, the standing order will need to be updated with the new account details.

“The doubling of losses from mandate fraud over the last year should be a cause for concern for all businesses. Far too many businesses are falling victim to mandate fraud. In some cases, the losses are relatively small, in others they can run into hundreds of thousands of pounds, potentially putting the future viability of the business at risk,? said Ahmed.

“Businesses must ensure their accounts staff are trained to recognise the hallmarks of a mandate fraud attempt. With the right training and controls in place, there?s no reason why these frauds should be successful.”

RSM said businesses should take preventative measures such as implementing staff training programmes, verifying all request for amended payments by checking directly with the organisation or supplier in question and never leaving invoices or regular payment mandates on display for others to see.”

CEO fraud


What is CEO fraud and how can I identify it?

Business Advice unpicks one of the growing threats to small companies, asking what is CEO fraud, before consulting two experts on the typical tactics employed by scammers and how owners can protect their firm.


Sign up to our newsletter to get the latest from Business Advice.