Invoicing

When your boss sends a suspicious email, what do you do? Impersonation fraudster exposed

Praseeda Nair | 9 November 2018 | 5 years ago

scammer
We know impersonation fraud is on the rise, but are small businesses really prepared for a well-executed scam?
Just as we get our heads around phishing tactics, the scammers change the game. When our editorial director sent us an urgent morning email, something didnt seem right.

When International Fraud Week begins on November 11 2018, governments and organisations will be promoting anti-fraud education and awareness around the world. But aren’t we savvy enough ourselves these days to recognise a scam when we see one?

Whether it’s an obscure foreign royal seeking access to your bank account or a dubious email from HMRC or Apple, people are becoming better at identifying phishing emails. With our awareness growing, fraudsters are looking at other ways to draw money out of a business. One tactic growing at a worrying pace is impersonation fraud.

Impersonation fraud occurs when a scammer uses the information and personal data of suppliers, bosses or business contacts and impersonates them in an attempt to defraud a company out of money.

Research from Lloyds? Bank recently revealed that there has been a 58% increase in impersonation fraud this year, with the average scam costing small business owners 27, 000.

One in 12 small business owners have been targeted by an imposter, but only 20% of victims admit to thinking twice when receiving a request from a boss, supplier or contact at work. Meanwhile, over a third of employees don’t know what to look out for or don’t have any security precautions in place, leaving them vulnerable.

The financial impact of impersonation fraud has even seen 6% of victims make employees redundant.

We know impersonation fraud is on the rise, but are small businesses really prepared for a well-executed scam? When we received a suspicious email this morning, we wanted to see how far we could take the scam.

What do they know about us?

Clearly, the fraudster was aware of our team’s structure and individual contact details. The email carried the name of our editorial director, but crucially, came from an inappropriate and unknown address. Unfortunately, it’s not always clear to everyone. Before we recognised the scam, one colleague responded earnestly.

Alarm bell #1: Email address

The scammer was unable to impersonate our company’s email client, so we instantly identified the email as fraudulent. Nonetheless, we wanted to continue the conversationto provide fellow SMEs with a look at the inside workings of scammers in 2018.

Alarm bell #2: No phone call

To maintain their cover, the scammerwanted to keep the conversation to email. Impersonation fraud via telephone is considerably more difficult.

We keep the game going.

Alarm bell #3: Irrelevant request

It transpires that the errand has nothing to do with our business. Some businesses will receive more believable requests to sign off goods and supplies typically used by their company.

We keep up the facade.

Alarm bell #4:

According to the impersonator, a client of our business has requested 10 quantities of the online gaming voucher worth 100 each. We’re not sure about other SMEs, but at Caspian Media we’d be unlikely to sign off a last-minute 1, 000 request without a face-to-face conversation.

How smart is our fraudster? We grabbed the first Steam Wallet Card from Google Images and continued to play along.

The imposterthinks they’re getting somewhere, so we call their bluff. How far is the fraudster willing to take this?

Somehow, they’re still invested in the scam.

Alarm bell #5: Can they explain the request?

We finally probe the impersonator, but fail to get a response.

How to protect your company from impersonation fraud

To help small companies protect themselves against imposters, Business Advice asked Dr Markus Jakobsson, chief scientist at cyber security firm Agari, what three warning signs owners should look out for.

  1. Consider the sender

first of all, is this an email from somebody in power? And does it ask for help with something? Is it addressed only to you, or to the entire company? Scammers like to single out their victims. If they sent a scam email to everybody on your floor, somebody would say hey, this is no good, and you would all put the email in the spam folder.

if the email asks for a wire transfer, or for help paying an overdue invoice, it is probably bad. After all, does your CEO normally send such requests? Well, scammers do. Or, if you are in HR, maybe the email asks for employee data. Very fishy.

  1. Look at the email address

not the name in front of it, but the email. Is that your boss? normal email address? Or is it a Gmail address, an address from ceo123.com, or just something you have not seen before?

‘some 94 per cent of all CEO scams involve a deceptive display name that’s the part of the email that says the sender’s name, which is displayed to you before you even open the email and an email address that does not match what you normally see from this person.

  1. Always ask

“If you are not sure, don’t be embarrassed to ask. Send a copy to your admin. Walk over to your boss and ask did you just ask me to pay a late invoice? Four eyes are better than two.”

Perhaps it was legitimate, after all.

Topic

Invoicing

Related Topics

Should I charge my clients VAT?
15 April 2021

Should I charge my clients VAT?

Read More →
Freelancers – How to get paid what you are owed,  on time
27 October 2020

Freelancers – How to get paid what you are owed, on time

Read More →
What is a PO number and why is it important?
2 October 2020

What is a PO number and why is it important?

Read More →
Worst offenders to be named and shamed under new late payment system
8 January 2019

Worst offenders to be named and shamed under new late payment system

Read More →
Late payments scandal: Average small business owed 24, 841 in unpaid invoices
28 November 2018

Late payments scandal: Average small business owed 24, 841 in unpaid invoices

Read More →
Freelancer’s guide to invoicing: Everything you need to get paid
26 November 2018

Freelancer’s guide to invoicing: Everything you need to get paid

Read More →

If you enjoy reading our articles,
why not sign up for our newsletter?

We commit to just delivering high-quality material that is specially crafted for our audience.

Join Our Newsletter