Accountancy firm, Menzies LLP has warned businesses to be on the lookout for increased fraud risks. The warning comes at a time when organisations are struggling to adapt their business processes to cope with a new working paradigm. The checks and balances of an office-based system are no longer adequate when everyone is remote.
In a blog and a separate press release, Gavin Cunningham, partner and head of forensic services at Menzies lays out some of the risks. “A sharp rise in fraud often occurs in periods of uncertainty and economic shocks. Scammers prey on the financial vulnerability that many people experience at such times and can be incredibly creative when it comes to finding new ways to access their money. They will seek to prey on investors’ desire to recover or stem losses and offer bogus investment opportunities. Some of this will involve highly-sophisticated and organised groups.”
Government loan schemes a prime target for fraudsters
UK Government financial support schemes for businesses are one area where Cunningham sees an increased fraud risk. He warns companies and consumers to be careful of any unsolicited messages. These messages are in addition to the usual phishing and Business Email Compromise (BEC) scams that are around.
Many of the scams claim to help business and individuals unlock UK Government funds. To do so, they require a lot of information and ask for payment for their services. It gives the scammers a double whammy against the target. They get both personal and business data and a pay-out. These attacks are no different to those that ask for help in getting money out of supposedly frozen bank accounts.
Cunningham cites UK Finance, who call this type of attack Smishing. It says: [Smishing scams] “involve sending text messages which impersonate trusted organisations, e.g. banks or government departments, to encourage people to share money or personal and financial information.”
Investment scams also on the rise
Boiler-room fraud is another way that cybercriminals steal money. They are run from call centres that claim to offer access to high-yield investments. Investors are hooked with the promise of great returns which may, initially, happen. But instead of allowing the investor to withdraw their profit, the scammer persuades them to reinvest and add more money.
COVID-19 has provided many of these scams with a ready target. They hype up biotech firms and investments that are supposedly working on a vaccine. Some of the companies may exist, but many are little more than a fake website with no substance. Once the investor has put their money in, they are strung along until the scammer cashes out.
Verify who you are sending money to
Banks have spent a lot of money trying to identify and block accounts used by scammers. When they detect money sent to those accounts, they block the transaction and contact the account holder. It has prevented a number of scams in recent years.
However, criminals are quick to adapt. There is evidence that they are making the calls themselves while pretending to be the bank. They walk the unsuspecting victim through security on one phone while a co-conspirator uses that information to log into the victims bank account.
Cunningham adds: “While Banks and the Government have a role to play in protecting businesses and individuals from fraud and it should be possible for HMRC to carry out checks against their existing records to ensure they are paying the right person, individuals must also be vigilant. They must make appropriate checks on people they are dealing with, especially if they are using their services for the first time.”
What advice does Cunningham have?
To remain vigilant, business owners and individuals should heed the following advice:
- Check and check again – If you receive an unsolicited text message or email offering help or support in exchange for financial information about you or your business, you should perform some basic, independent checks. Check the sender’s internet history and ask for a phone number or email address so you can try contacting them.
- Take care with online forms – If a message is encouraging you to click on a link (embedded in their website) to complete an online form, make sure you are on the right page. If you’re being asked to complete a government form for example, you should be on a government website. Some false pages are cleverly designed to look like the real thing, for example, government websites tend to have many layers of information, so if the site you are on only has one or two pages, it might not be genuine.
- Look out for investment scams – If you are offered an investment opportunity that makes reference to COVID-19, you should be wary. If the sender is promoting a miracle cure or a safe haven from the economic impact of the virus, which may be offering projected returns which seem too good to be true, they probably are.
- Be wary of new contacts – Think twice before dealing with anyone who is approaching you for the first time, even those offering support or advice. In times of crisis, it is far better to turn to trusted individuals who you have dealt with before.
- Don’t give away your secure banking details – No bank should ask you to divulge this information, so if you are asked to provide it, this is probably a sign that you are being targeted by a criminal.
- Check before you pay– If someone unknown to you asks for an upfront payment, in exchange for helping you to access grant money or loans, they may not be genuine. Make sure you conduct the proper checks before paying in advance.
Enterprise Times: What does this mean?
Having been a Principal Financial Investigator at the Serious Fraud Office, Cunningham knows a thing or two about scams. His advice, therefore, has value. What is important is that people take time to read it and act on it. The danger is that with people in an unfamiliar routine, such as Work From Home, they won’t pay enough attention to the scams.
Many people are using personal email rather than business accounts. It means that they do not have the security controls that large organisations run. Email is delivered to personal devices which may not have up-to-date security software. There are also no colleagues to ask “does this look right.”
People should be taking advantage of video and voice conferencing to verify anything they are not sure about. It doesn’t matter if the email threatens to stop delivery of goods unless money is paid into a new account. Senior members of a business need to be available to verify and authorise payments.
Additionally, anyone asking for money to unlock Government loans should be ignored. Those loans and grants are free. There is no payment required, and there is plenty of information on the UK Government websites on how to apply for them.
The COVID-19 pandemic is already a significant threat to businesses. Poor fraud controls will only make that worse and turn difficulty into a disaster.