Despite all our best efforts, criminals are targeting SMEs with increasingly clever email scams. Businesses need to be incredibly cautious when making payments to suppliers, and especially alert when they receive new bank details to pay into.
We have recently been contacted by several businesses who have fallen foul of an email invoice scam. We advise our clients to be vigilant to ensure their hard-earned money isn’t finding its way into a criminal’s bank account!
The article below highlights some of the key scams currently being used and the best ways to protect yourself and your business.
Protect your money from scammers
FRAUDSTERS are using increasingly sophisticated techniques to get at our money, beyond the standard phishing emails. So what are the scams, how can you protect your money and what are the banks doing to crack down on them?
The government’s Annual Fraud Indicator estimates that the cost of fraud to the UK is £195 billion a year, with 70 per cent of this being cyber-enabled. Last year, the Crime Survey for England and Wales included computer misuse offences for the first time, including unauthorised access to personal information, recording a startling two million crimes.
Men, it seems, are more vulnerable, losing an average of £2,354 compared with only £809 for women, according to Action Fraud, the national fraud and cyber crime centre. But everyone is at risk, particularly if you bank online and are a regular computer, tablet or smartphone user.
This type of scam has existed for a long time but keeps evolving. An email will drop into your inbox, with a link or attachment to download, which looks like it has come from a genuine contact or legitimate international company.
It might be offering you an HMRC refund or telling you there has been a security breach on your PayPal account. If you click on the embedded link, fraudsters can then infect your device with malicious software which gives them access to the information stored on it. You may also be taken to a spoof website or fake customer service number where your personal information will be obtained for illegal purposes.
The latest version of this fraud is an invoice email which appears to be from a trusted source but again if you open or download the attachment it can spread a virus. The email may be from a real contact but that doesn’t mean it is safe. If you suspect an email is fake, don’t reply to it or click any links or download any attachments.
Scott Storey, cyber security expert at Sheffield Hallam University, says: ‘Links in emails that steal your personal data are a common way of attacking people. They can send millions of emails and only need a handful of people to click on them to make it worthwhile for themselves.’
False bank accounts
The stakes are much higher with this particular fraud and customers have lost hundreds of thousands of pounds sending money to false accounts.
This crime occurs when customers receive a spoof email from a company they owe money to.
This might be a builder or solicitor who is waiting for a deposit or final payment. Having got into the company email address, sometimes via a malware scam as described above, hackers track the messages and then send out their own email to the customer. In this message they give fake bank details and ask for the money to be paid into that account.
Last year an Essex couple lost £120,000 when they thought they were paying an inheritance tax bill via their solicitor. The Solicitors Regulation Authority also warned that email hacks of conveyancing transactions are now the most common cybercrime in the legal sector. If you receive an email asking you to make a bank transfer to a person or company you have not made a payment to before, or if they say they have changed their bank details, always double check, even if you are expecting the invoice.
Phone the person you have been dealing with and ask to check the correct bank details. If it is a large sum send a small amount first, even £1, and then check they have received it before paying the balance.
If you are caught out don’t expect the bank to repay you because their standard response is that the mistake lies with the customer. Banks don’t check to see if the name on the receiving bank account matches the online or Clearing House Automated Payment System (Chaps) payment request. Instead, only the account number and sort code of the recipient have to tally. For example, if you set up a payment to Joe Smith but the account number and sort code you used were registered to someone with the name Mickey Mouse, the transfer would still go through. Campaigners argue that the Payment Systems Regulator should act to ensure all banks carry out proper checks on account names but as yet this has not happened.
Bogus telephone calls
If you receive a call from someone claiming to be from an internet provider, bank or any other service that has access to personal information, never give away details, such as a pin number or password, and do not give them access to your devices.
Some elaborate scams involve bogus calls from people claiming to be doing urgent security checks on your computer. This may involve being passed from one person to another making it seem like a legitimate company with a team of people in different roles. They may also ask you to call them back on a number they give you, particularly if they detect you are suspicious.
Providing a sense of urgency is a common tactic to get you to act immediately without giving it a second thought, says Scott. But anyone who is genuine won’t mind waiting for you to think it over.
Say no and then call back later on a number you know is genuine rather than the one they give you. And never think you are too smart to be caught out. Fraudsters scammed £18,000 from a high-profile UK criminal psychologist last year via a cold-call sting.
The newest scam on the block is smishing, or SMS phishing, which sees imposters using specialist software to alter the sender ID on a text message from the bank. This message is added to an existing chain on the customer’s phone and therefore appears genuine.
If you click on the link you can be taken to a replica of the bank’s website which will ask you to input your personal details including pin numbers and card details. This information will then be used to empty your account. NatWest has been particularly affected but it is also spreading to other banks. The messages will state that you must act to avoid account suspension or that there has been fraudulent activity on your account.
Article originally featured at: https://www.metro.news/protect-your-money-from-scammers/1118403/
If you believe you have been the victim of a scam email or wish to report one then please head to https://www.actionfraud.police.uk/scam-emails