Businesses are being targeted by organised fraudsters in a number of impersonation scams according to the National Fraud Intelligence Bureau (NFIB).
Some cases have resulted in multi-million pound losses and pose significant threats to businesses that fail to take any security measures to protect themselves say the NFIB.
How fraudsters are targeting businesses:
Mandate Fraud
Fraudsters impersonate a supplier you have an existing relationship with, and provide alternate bank details with respect to a genuine invoice, which may have been altered.
‘CEO’ Fraud
Fraudsters impersonate the company director, CEO, CFO or similar, and instruct a member of the company’s finance department to transfer funds with respect to a discreet and/or sensitive acquisition, either of another business, or commercial property.
On occasion, the fraudsters will introduce a third party, purporting to be a lawyer or regulator, to add a sense of legitimacy to the request. These individuals may also impersonate a genuine entity, however are also a member of the organised crime group.
Retailer Impersonation Scam (a.k.a. European Distribution Fraud/EDF)
Fraudsters impersonate genuine retailers or wholesalers and place large orders for goods with suppliers who may or may not have an existing relationship with the impersonated company. The goods are ordered on a credit basis and either delivered or redirected to an address accessible to the suspects, or in some cases, collected directly by the fraudsters.
The fraudsters then sell on the product, often back into genuine supply chains, to the public. The impersonated retailers are generally UK-based, as are the delivery addresses; however the targeted suppliers are based not only in the UK, but across Europe.
Protect your businesses
- Always verify any new requests for orders, transfers, or changes to financial details by using contact details already on file, or obtained from open source records (such as the company website). Consider doing so via two separate methods (e.g. email and telephone), in case one or the other has been hijacked by the fraudsters.
- Consider sending a confirmation email and/or text message to your supplier when an invoice is paid, which includes the beneficiary bank name and last four digits of the account number that the payment has been sent to.
- Where funds have been paid out as a result of the scam, contact your bank and the beneficiary bank as soon as possible, so that they can attempt to prevent the onward dispersal of the funds.
- Ensure your computer antivirus software is up-to-date and that your staff receive regular reminders and training with respect to the on-going threats from malware and phishing emails, including social network invitations.
- Consider what your business makes publically available, with respect to existing contracts and suppliers. Evaluate whether it is really necessary to publish information of this type in the public domain, given that it is also available to fraudsters.
- Ensure that all of your members of staff are aware of these scams and of the relevant security protocols in place to identify and prevent them.
If your business has been targeted by fraudsters in relation to these scams, or any others, report it to Action Fraud by calling 0300 123 2040 or by using the online reporting tool.
