Small business owners lost £77m last year after cyber-criminals tricked them into making fraudulent payments, according to new figures.
New data from audit, tax and consulting firm RSM and Action Fraud, the UK’s national fraud and cyber-crime reporting centre, revealed that business owners submitted over 3,451 reports about so-called mandate fraud in 2017-18. That is up 123% on the previous year’s figures.
The average amount lost by each business was £22,500, 8% higher than the year before.
Akhlaq Ahmed, forensic partner at RSM said mandate fraud occurs when an employee is tricked into changing a regular payment mandate such as a direct debit, standing order or bank transfer and redirecting it into a fraudster’s account.
The fraudster’s typical route of attack is to contact an employee via email pretending to be from a supplier that receives regular payments. These approaches can sometimes seem plausible, added Ahmed, because the fraudsters have correct details of staff members’ names and departments obtained from phishing attacks.
The bogus supplier will then explain that as they have changed banks, the standing order will need to be updated with the new account details.
“The doubling of losses from mandate fraud over the last year should be a cause for concern for all businesses. Far too many businesses are falling victim to mandate fraud. In some cases, the losses are relatively small, in others they can run into hundreds of thousands of pounds, potentially putting the future viability of the business at risk,” said Ahmed.
“Businesses must ensure their accounts staff are trained to recognise the hallmarks of a mandate fraud attempt. With the right training and controls in place, there’s no reason why these frauds should be successful.”
RSM said businesses should take preventative measures such as implementing staff training programmes, verifying all request for amended payments by checking directly with the organisation or supplier in question and never leaving invoices or regular payment mandates on display for others to see.”
Business Advice unpicks one of the growing threats to small companies, asking what is CEO fraud, before consulting two experts on the typical tactics employed by scammers and how owners can protect their firm.
Sign up to our newsletter to get the latest from Business Advice.