Recently Team HB’s Karen, Amy, Catherine, John and Vicki took part in the ‘Helping to Protect you from Fraud’ seminar run by Lloyds Bank to ensure we adhere to current best practice. Here we share details of the risks facing business today and provide Lloyds resources which set out the steps you can take to protect your organisation from fraud. Are you and your business taking action to prevent fraud?
Fraudsters use social engineering tactics – manipulation – to get individuals to take actions (such as making a payment) or divulge information (such as passwords) that enable them to commit fraud. Information found on social media is often used, for example to pose as someone you already trust. Fraudsters also use spoofing techniques, where they imitate the genuine phone numbers and email of trusted financial institutions or imitate senior company members, for example posing as a company director via a hacked email to demand an immediate payment to a bogus supplier.
Advice: Implement a social media policy which helps employees understand their responsibilities when using social media both at work and at home.
For further support, please visit: www.getsafeonline.org/business
Take five – pause first and prevent fraud
Before you act, Financial Fraud Action UK Ltd (FFA UK) advise you ‘take five’ and stop to consider if the situation is genuine:
- Never disclose security details, such as your PIN or full banking password. Banks and other trusted organisations will never ask you for these in an email, on the phone, by text or in writing.
- Do not assume an email or phone call is authentic. Just because they know your basic details, it does not mean that they are genuine.
- Do not be pressured into a decision. Under no circumstances would a bank or organisation force you to make a financial transaction on the spot.
- Listen to your instincts. If something feels wrong, it is usually right to question it. Fraudsters may appear trustworthy, but they may not be who they claim to be.
- Stay in control. Have the confidence to refuse their requests, especially if you feel that you are not in control.
For more details see: www.financialfraudaction.org.uk
Are you aware of the many different types of security threat from phishing to invoice fraud?
A scam where an email looks genuine (and may even link to a website that also looks genuine) but is sent by fraudsters to make you divulge security information such as bank details and passwords.
Systems are infected with malware that blocks access to important files, typically by encryption. Once you are locked out of company systems, the fraudster demands that a ransom is paid, often in the digital currency Bitcoin, in order to provide the key which will decrypt files and restore access.
Vishing and smishing
Vishing is a phone fraud where you are tricked into providing information and transferring money from your bank account. The perpetrators often pose as your bank’s fraud department and have a good deal of information about you in order to appear genuine. Smishing targets people by text message to their mobile phone, typically to warn them of a problem with their account – fraudsters now have the technology to add their message onto a genuine message thread in your text message inbox.
The fraudsters pose as the CEO or another senior member of staff, demanding an urgent payment. They do this by spoofing their email, by creating a new email that’s almost identical to the original, or by hacking the CEO or senior member of staff’s email account.
Fraudsters pose as a supplier and use the ruse that their bank details have changed to divert payments that should be for the genuine supplier to a different account.
By posing as a customer, the fraudster orders goods, makes a deliberate (often huge) overpayment for them and then tricks you into making a refund. It then transpires that the original payment was stolen or counterfeit and it is returned ‘unpaid’ by the bank, but by then you’ll have repaid the customer/fraudster their overpayment.
Someone working for your company as an employee or contractor could commit fraud, for example with fraudulent expenses claims, misappropriating assets or making financial payments from the business that benefit themselves.
Card and cheque fraud
Fraudsters can create counterfeit company cheques, steal genuine cheques or alter existing cheques to benefit them as payee. Similarly, someone can fraudulently use company cards to steal money from the company, if for example they discover or know the PIN.
Are you & your business taking action to prevent fraud? Take steps to protect your business
In each case there are actions you can take to protect your systems, train your team and handle suspicious situations with caution.
For details, download Lloyds Bank Commercial Fraud Risk Brochure
This sets out practical actions to mitigate the risks of each of the different threats we outlined.
If you want further advice you can contact Donna Dimmack at Lloyds Bank directly:
We extend our thanks to the expert speakers who shared their know-how and practical advice at this seminar organised by Lloyds Bank:
- Andy Bates, Executive Director at the Global Cyber Alliance
- Tony Blake, Head of Fraud Prevention for the Dedicated Card & Payment Crime Unit
- Donna Dimmack, Fraud Education Manager and the Fraud Prevention team at Lloyds Bank
- Chris Way, Area Director for Lloyds Banking Group