Fraud prevention for businesses: how to recognise and avoid scams

The word ‘fraud’ tends to be associated with scams designed to con consumers out of their hard-earned cash. For example, phishing emails, investment and pensions scams, fake charities, romance scams, property investment cons, bogus retail websites, and ‘fake scam’ scams, where fraudsters call claiming to be alerting their victim of a potential scam, while actually running the scam themselves.

But what many people don’t realise, is that businesses are routinely targeted by scammers too. In fact, UK businesses lose an estimated £240 million* every year to fraud - more often than not because they have no idea what is happening until it is too late.

What is business fraud?

Put simply, business fraud is the intent or the act of misrepresentation – i.e. scammers lying about themselves or their actions and services - in order to cause a gain or loss.

While businesses of all sizes are at risk of fraud, small businesses tend to be targeted more due to the fact they have limited resources and tend to prioritise innovation, growth and survival over compliance and fraud prevention.

What are the most common types of business fraud?

Fraud comes in many guises, and new techniques are being developed all the time, but the most common scams that target businesses tend to be:

Identity theft and imposter scams

ID theft is a huge threat - to both individuals and businesses. Identify theft could take the form of a new customer lying about who they say they are, a business hiding or lying about their ownership structure, a fake business pretending to be a real company, or even someone posing as a decision maker within the company and then making decisions – and crucially, payments – on the company’s behalf.

Businesses not knowing who they are working with poses a huge risk, both financially and reputationally, so it is vitally important that they have a failsafe identification, verification and screening process in place to ensure all customers and partners are who they say they are.

Lending scams

A common way in which businesses can be caught out is by a lending scam – often, it will be a fake lender promising hugely competitive rates if the business pays an upfront fee. Therefore, it is important businesses carry out proper due diligence on financial institutions before sending any money.

Fake invoices and payment requests

A common way in which businesses can be scammed is through fake invoices and payment requests. These could be fraudulent firms posing as genuine ones, or fake businesses sending invoices for fake products and services. This type of scam tends to be more successful when targeted at larger firms, because, due to the sheer volume of invoices they are dealing with, it is more likely that a fake one will slip through the net, and by the time the business realises what has happened, the scammer has moved on. To avoid being caught out, businesses must ensure proper due diligence is carried out on any new firms that have invoiced/requested payment, and if payment details for known/regular suppliers suddenly change, that these are checked before any payment is made.

Fraudulent service/suppliers

An increasingly common way to defraud a business is by setting up a company which looks legitimate – it may well have a professional looking website, good social media presence and even a Companies House listing – but is in fact a ‘fake’ business, taking money for goods and services that either do not exist or are subpar.

It is therefore vitally important for businesses to run checks on any corporate clients; this will include verifying the company’s existence, source of funds checks, premises checks and identifying beneficial owners. Businesses that do not run proper due diligence on corporate clients are putting themselves at high risk of fraud and money laundering.

Cyber threats

In a post-covid world, more and more of a businesses’ activities have moved online – and while this is undoubtedly more efficient, and makes for a much easier customer experience, if the digital systems are not properly protected, it can leave businesses wide open to cyber-attacks.

Hackers can steal data, customer information, and passwords and use these for financial gain, either through direct use of the information or through blackmail. If they get hold of customer information, this could also be a huge data protection issue, which could force the business to close if laws are broken and customer trust is lost.

Email and telephone scams

Fake phone calls and phishing scams have been an issue for decades, and still pose one of the biggest fraud threats for businesses in the UK. Scammers are now so sophisticated in their tactics, that they are able to produce fake websites and emails accounts that are almost impossible to determine from the real thing, while phone scammers are able to hide their true identities by utilising software that makes it appear as if they really are calling from the organisation they claim to be from.

Businesses should therefore be aware of any offers that seem too good to be true as well as any unexpected password reset requests. Even if a message is received from what appears to be a legitimate company or regular customer/supplier, if there is anything unusual about it, it is advisable to check by calling or emailing them directly via what you know to be their genuine contact details.

How do you identify fraud and protect your business from scams?

Awareness

The first stage is to ensure everyone in the business is aware of the most common types of scams, as outlined above. This way, there will be a heightened awareness of the possible risks making it much more likely that employees will be able to identify any red flags.

Security

It is important to make sure security within the business is as tight as it can be. Ensure employees have secure passwords, including two-factor authentication and strict rules about how and when company devices are used outside of the office, and around connecting to public Wi-Fi. Businesses should also have a way of recording/logging employee activity; that way, if there has been a data breach, the source should be easily identifiable.

Training and established procedures

It is advisable to have regular training on how to spot scams as well as a guide accessible to all employees so that they can check if they are unsure. Businesses should also establish clear ‘anti-fraud’ procedures that deal with potential scams.

Employees need to know what to look for, and what to do if they do suspect fraud, i.e. who to report it to, and what procedures need to be followed.

Where money is concerned there should also be a step-by-step process which must be followed when paying invoices to reduce the risk of fraudulent payments being made. Firms should not have a situation where just one person is needed to authorise large payments, as they could be caught out – or even be running a scam themselves.

Equally, firms should try not to have a setup whereby everyone in the business is authorised to make payments, approve customers etc - having these responsibilities left in the hands of a trusted few will reduce risk.

How can SmartSearch help?

SmartSearch is one of the UK’s leading providers of anti-fraud and anti-money laundering solutions. It’s all-in-one platform offers identification, verification and screening – for individuals and corporates – to ensure businesses know exactly who they are working with.

Using data from the world’s three largest credit reference agencies (Experian, Equifax and TransUnion), the Dow Jones Watchlist – comprised of more than 1,100 worldwide sanctions and PEP lists – as well as biometric technology, it is able to offer the highest match and pass rate on the market, while its monitoring service ensures anything suspicious is flagged immediately.

And, with instant access to UK bank statements, SmartSearch’s Source of Funds check quickly collates the vital bank information needed to verify the presence and provenance of funds and financial records.

SmartSearch’s comprehensive range of anti-fraud services - including ID validation, bank, mobile, IP address and device validation and access to global fraud data - can be tailored to each business’s specific requirements to create a bespoke fraud prevention solution.

*https://www.ukfinance.org.uk/press/press-releases/uk-finance-warns-smes-increased-risk-targeted-scams