I distinctly remember the conversation.
I’d met up with a fellow HR Consultant for coffee back in the early days of my business. We were chatting away when she took a call from one of her clients who operated a business that provided catering services to schools.
They had become victims of a huge scam.
Instead of paying their invoices for their orders they were paying a scammer. Someone had emailed their Finance email address and requested that X’s account details be updated to Y account number & sort code. Like all attentive Finance team members, the person who received the email actioned the request without question.
My friend’s client had paid £68,000 into the wrong account.
Just this week I received an email purporting to come from my husband that said, “please change my bank account for next payroll!” Yeah right.
Some while back my husband’s old employer had an email that the scammers had actually tried hard to at least make look genuine.
It purported to come from John Smith* and the email was [email protected]
However, John was famous (in the company) for not having any regard for email pleasantries. So this was a carefully constructed scam email asking the recipient to forward a large sum to an account immediately at the instruction of John the CEO, but because the scammer had used “Kind Regards”, the IT Department immediately realised it was fake. John would never say “Kind Regards” on an email; he’d have just signed off “J”.
In today’s business our reliance on technology means that any one of us could become the next victim of a scam. Here are some things you and your team should be on the lookout for:
- Fake invoices – scammers submit fake invoices for payment.
- Phishing emails – scammers are asking you to do X.
- Calls from Microsoft etc – the infamous “do you have Windows?” calls.
- Calls from the Bank – remember, just because they guess correctly where you bank doesn’t mean it’s genuine.
- Cyberattacks – often where an attacker installs malware and won’t remove it unless a ransom is paid.
- Utility attacks – pay us or we will switch off your utilities.
- Loss of social media pages because they have been hacked.
- Employee fraud – including raising and deleting orders after money has been paid into their own account.
So what can be done?
- Don’t rely on your team knowing how to prevent a cyber attack; train them. Know who you would call if it happened to you so you can get back up and running.
- Don’t assume your book-keeper who comes in once a week will be looking out for scam emails asking for an account to be amended; train them. Have a procedure in place for changes to supplier accounts and staff payroll accounts.
- Bring it up at Staff Meetings, make sure everyone remains on alert to how people deliberately target businesses that they think are less likely to realise. Remember the reason these scams are so common is that it works for the scammers.
- Have tight IT systems: passwords need to be secure, not relaxed and informal. No email address sharing. Treat the threat seriously.
- Regular monitoring – reconcile accounts, be on the lookout for irregular payments or suspicious activity. Someone you trust living beyond their means? Is it at your expense?
- Be suspicious. Trust no-one. You are more likely to keep your money that way.
See also Means Motive and Opportunity
See also Employee Fraud