Four tips for SMEs to avoid fraud

Jun 28, 2019

Fraud can damage businesses and livelihoods, but SMEs can do a lot to protect themselves against it. Niamh Davenport explains two common frauds and how SMEs can avoid falling victim.

Irish businesses, including SMEs, are often hurt the most by fraud. We hear about security breaches in large companies in the media, but SMEs are actually the organisations that need to be extra vigilant. This is particularly true when responding to unusual email requests, especially those around invoicing and finances. Two scams targeting Irish businesses are invoice redirection scams and CEO fraud.

Invoice redirection

Invoice redirection has become increasingly common in Ireland. It occurs when a business receives a fraudulent email claiming to be from a supplier advising of new bank account details. The initial request may not necessarily be accompanied by an invoice, but it means that any future legitimate payments will be paid directly into the fraudster’s account. By the time you realise the money has been paid to a fraudster from a transaction that you authorised on your account, it will have long disappeared.

CEO fraud

Another scam on the increase is CEO or CFO impersonation fraud. A request will come into the finance team by way of email from what looks like their CEO or a director from their organisation. With some information that can be easily gathered online, such as employee names, the fraudster sends a payment request that appears to be genuine – usually from a new supplier and with a sense of urgency. Because it is their CEO making the request, the finance team obliges immediately, never thinking to follow up with the CEO about the request.

CEO fraud is similar to invoice redirection fraud in that it is another form of email fraud. Fraudsters are able to create email accounts that are practically identical to those of senior members of staff, and they take advantage of that resemblance.

What to do

To protect your business from these types of scams, you should check email addresses carefully, especially when it is a request for money, and always independently verify details with the sender. Take the time to make a quick phone call to a supplier to ensure they have changed account details or call your boss before making a payment. Call or email them using a number or address known to you, not through contact details on the email received.

Keep an eye out for different names or contact details when dealing with a known supplier, and follow up on the unfamiliar. The name could be that of a new employee – or it could be someone trying to steal from your organisation.

It is also important to implement a robust payment system within your organisation, regardless of size, particularly for payments over a certain threshold.

FraudSMART tips for SMEs

1. Always independently verify new bank account details and the bona fides of the request with your suppliers using existing contact details. Do not reply to out-of-course emails.

2. All staff should be trained in and familiar with fraud prevention procedures and good email practices, including:

  • Not responding to any email seeking financial, personal or security information unless they independently verify (ideally by phone) that the email came from the company or person it claims to be from;
  • Never giving away security details, such as a PIN or online banking password;
  • Never clicking on a link or attachment in an email until it has been verified.

3. Businesses should ensure that they have appropriate IT and data security in place and should seek independent advice if in-house skills are not available.

4. Go with your instincts. If something feels wrong, stop; remember, it pays to pause.

Niamh Davenport is the Head of Fraud Prevention at Banking & Payments Federation Ireland.