The number of criminals fraudulently attacking businesses is on the increase. There is a lot of news about individuals being targeted during the current pandemic but there is a huge risk to businesses as well. Homeworking businesses are being hit by increased fraud.
Protect your business from cybercrime fraud
Statistics tell us that business fraud related to Covid 19 is up by 370% in March: before we were in lockdown (data from the National Economic Crime Centre). Cybercriminals are constantly evolving their methods and are taking advantage of many of us working from home. Now experts are predicting that companies could face costs and losses running into millions of pounds.
Criminals are exploiting vulnerabilities in how we are working remotely. We would urge you all to carefully read about three of the most common ways and take any mitigation necessary. Also, consider following the National Cyber Security Agency (NCSA) online. NCSA is the part of GCHQ that shares practical information about preventing online attacks.
What you can do to protect you and your business from fraud
- Keep your homeworkers vigilant
Home workers are being targeted with phishing attacks – usually in the form of emails designed to either encourage them to share information, click on links, or download documents and apps that are infected with malware. Downloading malware could steal valuable and proprietary data or it could ‘capture’ your data by locking the computer and demanding a ‘ransom’ to release it back to you.
Phishing emails may help criminals gather information about your business that they can use at a later date to scam you. Employees may be asked to physically transfer money as a donation to a fake ‘charity’, or to make business payments to new suppliers or to a different bank account; an email may allege that these payments have been ‘authorised’ by you using your name and job title as proof of their authenticity. The scams that are out there are endless. These criminals are looking for unaware victims and one cyber security company has estimated that up to 55% of business PCs may be vulnerable to cyber attack as they are now connected to home networks that lack sophisticated security protection.
- Video conference safety
There are a number of reports that video conferencing apps are being hacked or invaded by non-invited participants, who listen in for sensitive information. It is highly recommended that you set up a strong password for attendees and check who has joined the call. Do not share meeting passwords on public platforms. Non-authenticated guests should be held in a ‘lobby’ for further checks. Also be aware that cloud providers may automatically record the call and may store your data – particularly any documents that you share online – in jurisdictions outside of the UK – do not share sensitive information over these calls unless you are comfortable with this.
More useful guidance may befound here https://www.ncsc.gov.uk/guidance/video-conferencing-services-security-guidance-organisations
- Fraudulent retail transactions
Experts have pointed out that business systems may not be as sophisticated in detecting fraud whilst large numbers of employees are working from home and not communicating as regularly as is normal. We are aware of a number of frauds including fake creditors and online sales and returns.
Fake creditors – There have been reports of businesses losing large amounts of money by paying a fake creditor. The scam works when a person, purporting to represent a creditor, approaches a struggling business and offers to delay a large payment in return for a smaller down payment. A business may be tempted to make this smaller payment to help with their cash flow but instead, end up giving the money to a fraudster.
Online shopping abuse – Be aware that fraudsters are using myriad ways to abuse online retail and in the current climate, desperate business owners may be less likely to check up on unusual requests. We’ve read about fraudsters making large and costly purchases but paying for them on stolen credit cards. Later, they return some or all of the goods, demanding a refund, which is paid promptly by the honest business. Only later is it discovered that the initial payment was fraudulent, leaving the business out of pocket.
Retailers are also seeing a lot of impulse shopping by bored customers, who later regret the decision and return goods – this isn’t fraudulent but can lead to a costly returns scenario. Other customers may be purchasing a large number of items online before selling them on privately, without adding VAT and passing on the tax to HMRC. This ultimately impacts taxpayers.
Good advice to help businesses prevent fraud and stay safe online
Educate and Communicate: You may have shared the dangers of cybercrime with your team but as cyber criminals adapt their strategies quickly during this coronavirus outbreak, it’s worth reopening this topic – tell them about new threats and remind them not to open unexpected attachments or links without checking first. Even better, if you can, invest in greater security – see below.
Update your security: take professional advice about the right security principles for your business including secure VPN and two-factor authentication (2FA).
Verify: Remote working finance departments should take extra steps to ensure the person they are communicating with is who they say they are. If your team receives a request to move money into a new bank account, contact the supplier directly using established contact details, to verify and corroborate the payment request and encourage them to phone the ‘authoriser’ and verify over the phone that this payment should be made. Don’t rely on emails that may have been sent by the criminals themselves.
Have clear internal processes: Establish robust internal processes for handling changes to payment details. For example, only designated employees should be able to make changes to payment arrangements. Any business that sells goods liable to VAT ought to be wary of a new customer placing large repeat orders. Implement a clear returns policy – this may need to be more stringent to ensure that you cover costs during the lockdown period. Ensure that all employees involved in returns and refunds are communicating to ensure that money is cleared before refunds are given.
Sensitive information: Invoices, payment requests, and other documents containing sensitive financial information should be stored securely and only be accessible to those staff that need them to perform their duties. Think very carefully before sending encrypted sensitive documents via email or sharing as part of a video call.
If you have made a payment to a fraudster: Inform your bank as soon as possible as they can help you prevent any further losses. Monitor your bank statements regularly for any unusual activity.
Report scam emails
If you receive a scam email, report it! Forward to firstname.lastname@example.org – that is the NationalCyberSecurityCentre (part of GCHQ) – the email will then be looked at and will hopefully help to take down the sites issuing scam emails.
More guidance may be found here https://www.ncsc.gov.uk/guidance/home-working
HB Accountants are accountants for business. We know how criminals can badly damage your business and we are here to help you protect yourself, your business and your future. For financial and accounting guidance and support, please contact Keith or Karen. We’re still working hard to help you make the right decisions.
We hope this information helps you and we are here for you during this difficult time. Our business contingency plan is in place and we will do everything we can to support our clients during this uncertain period, please do not hesitate to contact us here if you have any concerns or queries.
Latest blogs from HB Accountants
- Worrying about affording your monthly car finance during the Coronavirus crisis?
- COVID19: Loan scheme expanded to help larger businesses
- COVID19: Government launches new coronavirus business support finder tool
- This is the time to take a Business MOT
- COVID19: Furloughing – Holiday Pay and Annual Leave Guidance
The information contained above is for general guidance purposes only. Whilst every effort has been made to ensure the contents are accurate, please note that each individual has different circumstances and it is essential that you seek appropriate professional advice before you act on any of the information contained herein. HB Accountants can accept no liability for any errors or omission or for any person acting on or refraining from acting on the information provided in the above