The increasing sophistication of fraud and cyber fraud
I remember a time when cyber fraud simply consisted of a Nigerian prince offering $2,000,000 for anyone helping him to move his fortune out of Nigeria. Today fraudsters are becoming increasingly sophisticated in their approach. Here are three scams we have seen affecting business owners.
The spoofed email domain
Your boss's email is firstname.lastname@example.org and you receive an email from email@example.com asking you to make an urgent bank transfer. Seems legitimate?
Typically fraudsters will scour the web looking for sites listing the names and emails of a business owner and finance contact. They then register a domain that looks very similar to the company’s but with a subtle difference. In the above example they would replace an "m" with "in". In a long email address, this often gets overlooked because your mind reads what you expect to see.
The fraudster then creates an email address from that domain and emails the finance contact asking them to make an urgent bank transfer to a given bank account.
A good principle is to require the owner to log into the internet banking site to give second approval to all bank payments, and also to institute a policy of verbally confirming any unusual payment instructions.
The HMRC tax refund
You get a professional-looking email from firstname.lastname@example.org advising you of a tax refund and requesting you to open a link to enter your personal details to claim the refund.
Similar to the spoofed email, this email hasn’t come from HMRC, and the link that you click on may say something like www.hmrc.gov.uk but it actually takes you to a different website.
Hovering over email addresses and hyperlinks will reveal the true email address and link destination. Having good anti-spam software will also help block these fraudulent emails. And then there is the fact that HMRC will never email with details of a tax refund!
The fake invoice/demand
In this fraud, a paper demand is sent to a business by post from somebody purporting to be something like Companies Register demanding urgent payment of £100 to maintain the company's listing. Everything in the demand is designed to make the business owner think it’s a compulsory regulatory payment when in fact it’s just an advertising listing on an obscure website.
Other examples of this fraud are spoofing a large company’s bill layout or demands from debt collection companies.
If you receive any unexpected bills, perform an internet search on the key details to validate the company/see if any others have reported the company. Alternatively get a second opinion from your accountant/bookkeeper who will often have seen many such documents.