All businesses targeted by fraud are at risk of loss of revenue and reputation – although small and medium sized enterprises are most at risk due to their size. Scammers have many ways to target businesses, and it is important to be aware of the different avenues they may take. However, with the right controls and processes in place, you can reduce the risk and protect your business against fraudulent attacks.
To help you get started, here are our top 10 tips for fraud prevention:
1. Ensure all computers have up-to-date anti-virus software and a firewall installed, and browsers are set to the highest level of security and monitoring.
This will help to prevent malware issues affecting company computers, and prevent hackers from gaining access. Always make sure you have the latest software and app updates installed on all company devices, and that staff email accounts are protected with a unique password and two-factor authentication.
2. Keep an eye out for requests to change bank details
If you receive an email requesting you send money to different bank accounts, or to change the details on a real invoice, call a contact you know to check the request is real. Scammers can gain access to email accounts and intercept ongoing email conversations, and can use this to trick businesses into sending money to their accounts.
3. Research new suppliers
Scammers may target businesses by attempting to sell them non-existing products through seemingly genuine websites or sellers. Always research new suppliers and check for genuine customer reviews before purchasing anything. If possible, try to see the item in person, and avoid placing a large first-time order.
4. Be aware of scam calls
One tactic scammers use is to directly call businesses pretending to be other companies, banks, service providers, or even HMRC and the police. They may ask staff to provide bank details, make payments or download software which would give the scammer control of the device. Never follow these instructions from an unexpected caller – if you have any doubts at all, you can search for the real phone number of the company online and call them to verify.
5. Be aware of unusual emails from senior members of staff
If a colleague, particularly a higher-up such as a director or CEO, emails you to make a payment to new bank details, check the request is legitimate by calling them on a trusted number – it may be a scammer who has gained access to their email account.
6. Identify areas of the business that may be susceptible to fraud
Think about possible ways a scammer may target your business, and what systems can be used to reduce risk – if you already have processes in place, test these to make sure they’re as air tight as possible. Regularly review these systems, and keep all members of staff informed of how they work and their responsibilities.
7. Look out for suspicious orders
Scammers may pose as customers in order to build a trusting relationship with you, which they can then exploit by requesting a line of credit that they do not intend to honour. If in any doubt, gather as much information about your customer as possible to ensure they are legitimate, and remember you do not have to take them on as a customer if you are unsure.
8. Carry out pre-employment checks
Almost one in five small businesses have been defrauded by an employee at some point in their history – this can cause significant damage to the business. One of the easiest ways to prevent internal fraud is to be vigilant with who you employ. Verify candidates’ personal information and background where possible, and always ask for at least two independent references.
9. Watch out for phishing emails
Phishing emails may imitate the government, banks, or other businesses in an attempt to get you to click on a link and provide personal details, such as banking information. Make sure you never click links from unexpected or strange looking emails, even if you recognise the email address – these can be spoofed.
10. Finally – be aware of fraud recovery fraud!
Fraud recovery fraud targets previous scam victims – they pretend to be a government, police or law agency that can help to recover the lost money, but will ask for a fee to get it back. Genuine agencies never ask for fees to recover money lost, so if you’re asked to pay end all contact immediately. Challenge any contact from companies you’ve never contacted who have reached out, and ask how they found out you were a victim. By law, reports of fraud cannot be shared outside of law enforcement agencies.
We are currently running an offer on our Whistleblowing and Modern Slavery courses for this month only! Get 10% off these online training courses with the code ‘fraud10’ at checkout.
To keep up to date with the latest health & safety news and advice, follow us on social media: