Cyber Attacks in 2022 are much more frequent and complex because they are enabled digitally. To stay secure against business impersonation fraud, you must educate your staff and ensure they verify payment details before paying invoices or they could become a victim of cyber fraud.
Figures from UK Finance show the number of impersonation scam cases has more than doubled in the first half of 2021. These scams resulted in criminals stealing £129.4 million through this type of fraud in the first half of 2021. In the same period last year, there were nearly 15,000 impersonation scam cases, leading to £57.9 million being stolen.
Criminals stole £129.4 million through Impersonation Fraud in the first half of 2021. via UK Finance.
What should we look out for?
If a client requests payment details change for long-standing invoices (especially via email), staff should confirm the account details with their known contact over the phone.
For an extra layer of security, you should consider using a test payment to confirm that payment has been received.
Make sure all your staff who deal with invoices know this process! Embed this additional layer of training when onboarding new employees and check in periodically to keep staff aware of any additional changes to your processes.
Cyber-attackers often time impersonation scams during holidays (Summer, Christmas, Easter); they will step up their efforts when a key member of staff who would usually oversee invoices is away on holiday. So ensure staff are reminded of this type of attack during those periods.
CEO Fraud
This type of Business Impersonation Fraud is when the attackers attempt to spoof or take control of a senior leader's email address.
Often attackers will send emails requesting payment to be made urgently; your staff should double-check the sort code, account number and amount(s) requested to avoid falling victim to this type of fraud.
We recommend that your staff are aware that they should gain verbal confirmation of any payment request they receive from senior management.
Invoice Fraud
Supplier Invoice Fraud is a type of Business Impersonation Fraud when a cyber-attacker sends a fake invoice hoping it will slip into your inbox unnoticed and is paid without question.
Often cybercriminals will have spent time researching before sending out the invoice to staff. They will look to send the request at periods where they will have the maximum chance of success - busy payment periods (payroll weeks, end of tax year, Christmas).
How do you know what is a genuine invoice versus a fraudulent invoice?
Does the invoice show a change in details? (Account number and sort code)
Always verbally confirm any change in payment details within your company.
Get senior staff approval on payment details before sending money for the first time to a new contact.
Don’t be afraid to call to check up on an invoice. But use the contact details you have stored on file or saved in your CRM system. Don’t trust the phone number if it’s different on the invoice - this could be fraudulent.
Worried about your staff?
The Cyber Resilience Centre can deliver your staff security awareness training through a half-day session either online or in person in your office. Our security awareness training session is interactive for attendees and builds upon key learnings through examples specific to your business and industry.
Ready to prepare your staff with security awareness training? Contact us today to learn more.
Comments