Director Fraud and Online Security
We would like to reiterate that all users must be very careful when clicking any form of link be it a link to an unknown website or an attachment embedded within an email. If the sender is unknown or you feel that the email is not actually from the stated sender, it is better to ignore the email than risk opening it.
Fake emails or emails containing fake links & attachments are routinely used to gain access to small business accounts or banking information. Anti-virus and Anti-spam will stop most, but users also have a vital role to play.
One example we frequently see is that a suspect email will contain a web link that will ask for your email password. This will then be used to commit banking fraud and other problems. Be extremely careful of any links you receive via email, and never enter your email password into a web page. You can always call us if you receive an email you’re not sure about or if you are being asked for your email password by a web page.
We have noticed an increase in spoof emails claiming to be company directors and managers emailing other members of staff asking them to transfer money or for information that could be used by fraudsters to commit banking fraud.
Online fraudsters are becoming ever-more sophisticated, and will stop at no end. There are many instances of fraudster registering domains designed to be extremely similar to a targeted company and using public records such as a Companies House or companycheck to find out company directors names and information so that they can set up fake email accounts in their names. Our support desk are happy to discuss possible bad emails before they are opened, in this way users can gain an understanding of what to look for.
Most common types of scam emails:
• Someone will pose as a boss or director of a company instructing a member of staff to deposit into the fraudulent account.
• Fraudsters will often pose as the IT company of a bank saying they will need to make a series of test transfers.
• They will claim to be a supplier or business partner asking for fake outstanding invoices to be paid into a new bank account.
How to ensure you’re protected
Our top recommendations:
• Ensure all members of staff are aware of this kind of fraud, not just your accountants/accounting department.
• Have a procedure in place that allows all members of staff to properly verify contact from Managers and Directors.
• You should have a two-step authentication procedure in place before any transactions are made, this could be as little as a pin/phrase sent in the email, all the way up to verbal confirmation of a transaction either in person or over the phone.
• Always review any form of financial transactions for errors and changes, such as a misspelt company names or email addresses, changes in bank details, etc.
Our further recommendations:
• Work out and consider what information about your company is publicly available and whether it needs to be public, places you should check include: Companies House, social media platforms and company websites.
• Ensure that all computer systems are secure and that antivirus/antispam software is up to date and installed where appropriate.
If you have any questions, you can talk to us about possible ways to improve your security and help put measures in place to reduce the chance of successful fraudulent attacks.