close menu

How to protect your business from common cases of cyber fraud in 2017

by Saskia Johnston | Feb 14, 2017
  • In today’s world, online versions of fraud are becoming more common. Small businesses must be careful not to fall victim to cyber thieves. In our business, we use cutting-edge technology, systems and compliance to try protect ourselves from potential cyber fraud. This is essential as the security of our clients’ funds are of paramount importance to us. However, there are many easy checks any small business can use to try and prevent any potential cases of cyber fraud.
    cyber fraud

    Keep your eyes peeled and stay in the loop

    The first precaution you can take is relatively simple: Stay informed.

    Whether you are in the construction industry or fintech, no business is exempt from cybercrime. The easiest way to protect your business is to stay informed.

    Most industry bodies, irrelevant of sector, will discuss common topical happenings specific to that industry. Try keep an ear to the ground to know what may be affecting your competitors and colleagues.

    Knowledge is power in these circumstances and the more we learn the better we can all protect ourselves.

    Since cyber fraud is constantly changing and evolving, what you learn this month may be out of date next month, or even next week, so be sure to stay up to date.

    If you can’t attend industry meetings, many of your peers will be more than willing to share the agenda and notes after the meeting. All you have to do is ask.

    Understanding CEO fraud

    The two most common types of cyber fraud affecting small businesses today are CEO and invoicing fraud.

    CEO fraud is when an email is sent from the CEO, or someone high up, to an employee within the same organisation. The email is generally for an urgent payment that needs to be actioned as soon as possible.

    The wording will be similar to what the said employee would expect from their CEO or superior. These emails will generally be sent to the department that deals with refunds or requests of this sort.

    When the employee opens the email, and sees an urgent request from their superior they are likely to prioritise the request and make payment as soon as possible.

    Requests from superiors are generally not questioned and are simply actioned.

    What the employee isn’t aware of is that the request has originated from outside the organisation, or even worse, the CEO’s internal email has been compromised.

    Once the payment has been actioned, the CEO is none the wiser and has no idea the request even exists. Once the payment has been made and is cleared the fraudster generally withdraws or wires the funds immediately, leaving an empty dummy account.

    It is exceptionally difficult, if not impossible, to reclaim the funds in these cases. Unlike fraudulent credit card purchases, an EFT or bank transfer is far more difficult to undo.

    In the UK, GBP-GBP same day payments are generally done via faster payments. In these cases, the funds clear virtually instantly, leaving the business little time to rectify or notice the issue.

    So how do you safeguard against it?

    A simple, yet effective way to avoid CEO fraud is via dual-authorisation within your banking system. Just having a second set of eyes overlooking the request and subsequent payment could prevent fraud.

    Not all businesses have sufficient resources to allow for this. A simple method to avoid CEO fraud could be instating a company policy requiring that all payments to new bank accounts are verified with the sender of the request via another channel.

    Most companies have internal messaging systems which are more difficult to compromise, such as Skype for Business, Yammer and Slack. Use these platforms, as opposed to email, to verify the authenticity of a new payment request.

    Having this policy would mean the employee receiving the request would simply message the CEO via another means of communication, apart from replying to the email, to confirm the payment request.

    Provided this has buy-in from senior management, and staff aren’t made to feel like they are second guessing themselves, this can be virtually foolproof in avoiding CEO fraud.

    Understanding invoice fraud

    The second most common type of fraud affecting small businesses is invoice fraud. It’s not dissimilar to CEO fraud and often occurs when a supplier emails you an invoice with updated bank details.

    The invoice will generally be one you are expecting and all that has been amended are the bank details. Either the supplier’s email has been compromised or, as in the case with CEO fraud, the email is just made to look legitimate.

    As a good client, you settle accordingly, and only a while later when your supplier is chasing you for payment do you realise you have sent funds to a fraudulent account.

    So how do you safeguard against it?

    Simply calling your supplier and double-checking their details have changed should be enough to prevent financial loss. I would recommend informing your suppliers that any change in bank details will need to be verified prior to any payment being made.

    Most suppliers will be happy to have a client verify these changes, as in cases of this type of fraud, it is a grey area in terms of where the liability would inevitably fall.

    Is the supplier liable or is the client? Simply checking and giving the manager at your supplier a ring should mitigate the risk of this happening to your business.

    Don’t forget to report fraudsters

    If you detect a potential, or actual, case of fraud the particulars should always be reported to the relevant authorities. Send these details to your banking partners as well, so they are able to flag the “dummy” account details.

    While this may not result in you being able to reclaim your funds, it will help protect other institutions from the same scam.


    As I mentioned at the beginning of this post, knowledge is power when it comes to cybercrimes. Staying up-to-date is of paramount importance when protecting both your business and your clients from fraudsters. Keep your staff and industry peers in the loop about developments like these for a better chance of protecting your businesses.

     

    If you'd like to read more articles like this, check out Saskia's other LinkedIn posts.

    We are a professional services company that specialises in cross-border financial and immigration advice and solutions.

    Our teams in the UK, South Africa and Australia can ensure that when you decide to move overseas, invest offshore or expand your business internationally, you’ll do so with the backing of experienced local experts.

    • Rand-pound-sterling
      Britain - a good time to invest? Make use of your 2018 investment allowance
      Nov 14, 2018  |  by Andrew Rissik
    • trust-handshake
      But, do you know your forex broker’s name?
      Oct 10, 2018  |  by Saskia Johnston
    • risk-ahead-sign
      Increase your business’s bottom line with currency hedging
      Jun 06, 2018  |  by Calvin Matsaure
    • dollar-euro-birdcage
      Is your forex broker saving or costing you money?
      May 15, 2018  |  by Tim Smith
    • international-money-transfers-globe
      How to choose the right forex partner for your business
      Dec 11, 2017  |  by Saskia Johnston
    • dollar-vs-rand-depreciation
      Uncertainty is here to stay, so how do you roll with the punches?
      Nov 24, 2017  |  by Gary Kockott
    • rand spiral blog
      Can the Rand make a comeback? Or is it too late?
      Oct 20, 2017  |  by Andrew Rissik
    • business-man-chasing-thief
      Scam warning! Australian importers beware
      Oct 18, 2017  |  by Tim Smith
    • Piggy bank and rain
      Protect your wealth from exchange rate volatility
      Jul 12, 2017  |  by Anton Van Teylingen
    • busisiwe-m-and-jacob-z
      Who’s propping up the Rand?
      Jun 21, 2017  |  by Andrew Rissik
     
     

    South Africa

    Cape Town

    Regent Square
    Doncaster Road
    Kenilworth 7708 +27 (0) 21 657 2120

    Durban

    25 Richefond Circle
    Ridgeside
    Umhlanga 4320 +27 (0) 31 536 8843

    United Kingdom

    London

    Castlewood House
    77/91 New Oxford Street
    WC1A 1DG +44 (0) 20 7759 7514

    Croydon

    5-7 Selsdon Road
    South Croydon
    CR2 6PU +44 (0) 20 7759 7581

    Australia

    Melbourne

    9 Yarra Street
    South Yarra
    VIC 3141 +613 (0) 8651 4500

    Sable International is a trading name of 1st Contact Money Limited (company number 07070528), registered in England and Wales. We are authorised and regulated by the Financial Conduct Authority in the UK (FCA no. 517570), the Financial Services Conduct Authority in South Africa (1st Contact Money [PTY] Ltd - FSP no. 41900) and hold an Australian Financial Services License issued by ASIC to deal in foreign exchange (1st Contact Group - AFS License number 335 126).

    We use cookies to provide the best website experience for you. Using this website means that you agree to this. How we use cookies.