How to protect your business from impersonation fraud

Credit card and bank account fraud have risen by 40% in the past year, affecting around 5 million people in the UK.

It’s not just individuals that are suffering either – figures from the National Fraud Intelligence Bureau show that impersonation fraud has cost UK businesses around £32 million in the last year, with one company alone conned out of a staggering £18.5 million! And, of the £32 million reported to be lost by businesses to CEO fraud, just £1 million has been recovered by the victims.

But what is impersonation fraud? And how can you protect yourself and your business against this type of fraud?

What is impersonation fraud?

Impersonation fraud is a type of scam where criminals send fraudulent emails to employees, supposedly from the company’s CEO, insisting that money needs to be transferred urgently from the company’s account for a specific reason. Employees in a company’s finance department are usually targeted, and they will often transfer the money in good faith, only to find out they’ve been scammed at a later date.

Fraudsters will go to all sorts of lengths to gather enough information to be able to convincingly pass themselves off as the CEO, from stalking social media accounts to find out personal details to checking the company’s website for more on the business and its staff. This information will then be packaged together to form a convincing email, and sent to a hassled member of staff, who might not always be as vigilant as they should be.

How to combat impersonation fraud

If you receive an unexpected invoice or email asking for a payment to be made, always check with the sender in person, to make sure it’s correct. If you can’t speak to them face-to-face, or over the phone, send a separate email to the email address you usually use for them – fraudsters will hide a fake address behind a legitimate-looking one, so it’s no good replying to the potentially fraudulent email for confirmation, even if it looks genuine.

You should also take the following steps to protect your business:

  • Make sure every member of staff is aware of this type of fraud by circulating emails and holding company-wide stand-up meetings with all employees, not just those in finance.
  • Put in place an easy-to-use system so employees can quickly verify whether an email has come from the person it says it’s come from. It might not always be possible to get hold of the CEO, so maybe set up a system whereby any requests are sent to two members of the finance team and another director. If any of these people are missing from the email, or anyone else is copied in, err on the side of caution and don’t action the email.
  • Always check any correspondence for any inconsistent spelling or spelling errors, looking out for names and company names in particular, and check the email signature and even the address it’s been sent from – click on the email address to find out where it’s really come from. If it doesn’t tally with the supposed sender’s email address, report it.
  • Be vigilant when it comes to what company information is shown on the website and social media – while it’s good to give your business a personality that clients and customers can connect with, if there’s too much information, this can be leveraged by fraudsters.
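
The two email checks above (does the real address behind the sender's name match the one you usually use, and are exactly the agreed people on the email) can also be run automatically on incoming payment requests. The sketch below is an added example, not something from the original article; every name, address and sample message in it is a constructed placeholder.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed policy data: placeholder names and addresses only.
KNOWN_SENDERS = {"Jane Smith": "jane.smith@example.co.uk"}  # name -> usual address
REQUIRED_RECIPIENTS = {  # two finance team members and another director
    "finance1@example.co.uk", "finance2@example.co.uk", "director@example.co.uk",
}

def check_payment_request(raw_email):
    """Return reasons not to action the email (an empty list means checks passed)."""
    msg = message_from_string(raw_email)
    problems = []

    # The name a mail client displays is free text; compare the address behind it.
    display_name, address = parseaddr(msg.get("From", ""))
    expected = KNOWN_SENDERS.get(display_name)
    if expected is None:
        problems.append("sender name is not on the known-senders list")
    elif address.lower() != expected:
        problems.append(f"{address.lower()} does not match the usual address for {display_name}")

    # Everyone agreed must be on the email, and nobody else may be copied in.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(headers) if addr}
    missing = REQUIRED_RECIPIENTS - recipients
    extra = recipients - REQUIRED_RECIPIENTS
    if missing:
        problems.append("missing required recipients: " + ", ".join(sorted(missing)))
    if extra:
        problems.append("unexpected recipients: " + ", ".join(sorted(extra)))
    return problems

# Constructed sample messages (headers, blank line, body).
GENUINE = ("From: Jane Smith <jane.smith@example.co.uk>\n"
           "To: finance1@example.co.uk, finance2@example.co.uk\n"
           "Cc: director@example.co.uk\n"
           "Subject: Supplier payment\n\nPlease pay the attached invoice.\n")
SPOOFED = ("From: Jane Smith <jane.smith@example-payments.test>\n"
           "To: finance1@example.co.uk\n"
           "Subject: Urgent transfer\n\nTransfer needed today.\n")

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(label, check_payment_request(raw) or "no problems found")
```

A message that passes these checks should still be confirmed in person or by phone as described above, since a fraudster who has taken over a real mailbox will pass both.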

If you think fraudsters are trying to con you or your business out of money, you can report a fraud and get a police crime reference number by calling Action Fraud on 0300 123 2040 or by using the online fraud reporting tool.

What other types of fraud should you look out for?

This infographic from Aho & Associates, a financial forensics firm specializing in fraud examinations, forensic financial litigation support, and financial records reconstruction, highlights other types of fraud your business might need to guard against.