Fraud is on the increase. In recent weeks, we have seen a number of attempted frauds involving fake emails, supposedly sent by senior members of the organisation. The email states that the sender (the senior member of staff) is out of the office but requires an urgent bank transfer to be made. The emails are fake and have been used to try to get payments out of the business.
Fraudsters are looking for “out of office” messages in response to their spam emails or searching social media to find out when senior staff are out of the office or on holiday. Once they know the person is out of the office, they can use this as an opportunity to send their email. The emails appear to be from the correct email address even when you look at the email’s properties. It can therefore be hard to distinguish genuine emails from fake ones.
A number of these scams have been stopped because the email recipient thought the tone of the email was strange or noticed that they were not addressed in the normal way (for instance, Michael instead of Mike). Fraudsters, however, are becoming ever more sophisticated and are hacking into email accounts to observe the tone of genuine emails so they can replicate it in their scams. All organisations need to be aware of this sort of “phishing” scam and of the risks of making bank payments based purely on emails, whether from staff or members.
It is not just email scams that are becoming more common; telephone scams are also on the increase. Last year, in total, there were 5.1m cases of fraud in England and Wales, according to the Office of National Statistics.
In the national press last month, it was reported that a UK blue chip company made an eight-figure transfer after the finance team received a call from someone claiming to be the foreign-based CEO. The call was fake but unfortunately payment was made. Thankfully, in that case, the police managed to freeze the transferred funds. UK entities are facing an increased number of fake calls from people claiming to be senior staff, the bank or suppliers, either requesting bank transfers or asking for bank details so they can make fraudulent payments later. Software allows hackers to change the number showing on caller display, which may make the call appear to be from a genuine number.
One of the most common scams is still the fake letter, email or phone request from a supplier to change the payment details. Many companies do not check the details and make the payment, only to discover afterwards that they have been the victim of a fraud. For fraudsters, finding details of your suppliers is not difficult: the internet, observing deliveries or your signing-in book often provide the necessary information.
As attacks become ever more sophisticated, it is important that everyone is on their guard. There are a number of things that can be done to help reduce the risk of loss to fraud, including:
- Many banks offer software to help protect against fraud.
- Don’t give payment authorisation codes or other sensitive information to third parties, even if they claim to be the bank.
- Don’t make bank payments purely on the strength of an email.
- Carry out checks with the supplier if their bank details have changed.
- Require dual authorisation for bank payments.
- An active internal audit function can help detect weaknesses in your systems.