Starling’s financial crime specialist Laurie Hood explains how you can help protect your business from fraud.
You’ve set up your business, re-mortgaged your house and lined up your first customers. Everything is going well - your dream of being a successful entrepreneur is in sight. Then the fraudsters arrive. How do you protect your business and what should you look out for?
UK Finance’s Take Five to Stop Fraud campaign says that CEO impersonation scams and invoice fraud are common ways that businesses are targeted. Take Five is a national campaign led by UK Finance, offering straightforward advice to help protect against fraud.
Here, we run through what you can do to help stay safe.
Invoice fraud
Fraudsters may attempt to amend bank/payment details for suppliers, in order to defraud your business. To do this, the unscrupulous individual may impersonate a legitimate employee of your company, or a supplier. Such a request could come in a variety of forms, including via telephone, letter or email. Sometimes these can be very well-worded and convincing.
Alternatively, fraudsters may also try to infect company computers with malware, or spoof an email address to appear legitimate.
The scale of invoice fraud was revealed in a 2021 study by UK Finance, which estimated these scams as costing around £82 million a year, with around 4,950 cases.
To protect your company from this risk, it’s a very good idea to double check account details with any long-term supplier (using details held on file), if you have recently received a request to amend payment details.
Experts advise to also provide immediate confirmation of a payment - including the beneficiary account - there may be more chance to recover funds if an error is reported to your bank early.
Consider whether the details of your company’s relationships with suppliers, or other organisations, are too public. If this information is easily accessible, it can be used by fraudsters.
Remember, if you’re ever in doubt, speak to the supplier directly using reliable contact details taken from file.
CEO fraud
As the name suggests, this type of fraud involves the impersonation of senior executives or management at a company, relying on their ability and authority to make payment orders/requests on behalf of the company, to suppliers.
CEO fraud is a significant risk to all businesses - and large sums of money can be involved. Action Fraud reported a case of £18.5 million having been lost by a single company. In 2021, UK Finance reported 57 cases of CEO fraud above the £10,000 level between 2019-2020.
You should always seek confirmation from a senior colleague before making a payment, especially if you have the slightest of doubts. Having controls in place to ensure appropriate authorisation is imperative.
Employee fraud (also known as internal fraud)
Employee fraud can span several areas of a business, but tends to have the most impact on business finances. Smaller companies are more likely to feel the immediate effects of employee fraud, which can put a serious strain on day to day operations. Examples of internal fraud:
1. False accounting
This is a serious criminal offence with severe consequences. It carries the possibility of such significant losses that a business is no longer able to trade.
False accounting can involve an employee tampering with or altering an account, or alternatively, presenting business records which are inaccurate and not reflective of the true financial situation of the company or organisation.
But why would an employee do this and to what benefit?
A fraudster may use false accounting to gain access to additional lending or finance on behalf of the business, to inflate share prices, or for self-gain through an agreed performance bonus, or covering losses/theft.
To protect your business, always ensure an employee is suitably qualified and background checked before undertaking their role. Reconcile accounts regularly and ensure additional authorisation is required to proceed with significant payments.
It’s important to promote a culture of fraud awareness within your teams. Adopt a zero tolerance policy towards internal fraud and ensure access to records or buildings are controlled. Make sure that every audit process in place is appropriate.
False accounting can be hard to detect and catastrophic to a business when it isn’t spotted early. If you think you’ve been a victim of false accounting, you should report this to Action Fraud.
2. Payments
Simply put, payment fraud is the act of diverting legitimate payments or creating false payments. This method of internal fraud is not to be confused with Authorised Push Payment, or APP fraud, which frequently involves a fraudster using social engineering (impersonation) to request a payment.
Payment fraud can be achieved by falsifying the bank account details of customers, suppliers or intended beneficiaries to a different account, by colleagues who handle such payment requests.
Alternatively, another method is to process false claims or refunds - effectively issuing unauthorised payments on behalf of the business. These payments may be made directly to the colleague’s own account, or that of a relative or third party, often known to the employee.
Additionally, cheques can be intercepted and altered, in an attempt to cash these for self-gain.
3. Expenses
False claims for travel, costs, accommodation and client engagement can all add up, if an employee is being dishonest with their expenses. This can also include timesheets.
Experts advise that you should always ensure any authorisation of such expenses, such as a senior colleague’s signature or email, is genuine, as these can be easily forged.
Protect your business from fraud
Remember, if you receive any request to provide financial information or make an urgent payment then Stop, Challenge and Protect - visit our friends at Take Five for more fraud advice.
If you think you’ve been a victim of fraud, report it right away to your bank and also to Action Fraud.
Article updated 26 January 2022
