We are all aware that the risk of fraud, both against your business and you personally, is an ever-present threat. However, in the current Covid-19 climate, these risks have significantly increased as well as changing in nature.
We all need to be aware of what is happening out there. So here is a guide to what scams are doing the rounds at the moment:
Payment diversion fraud
Payment diversion fraud has been around for ages. However, the risk of this type of fraud being successful has changed quite significantly with the altered working arrangements businesses are coping with, especially working from home.
Many individuals have now been working at home for ten weeks or more; this means that contact by email is even more common than usual. The typical security messages and reminders, commonplace at the office, can be either non-existent or certainly fewer in number when you’re working from home.
Regular control routines may not be working as they previously did. People may be distracted by their working environment such as by small children, dogs, cats etcetera being around. All of this means that previous controls may not be adequate. A sudden request, apparently from the boss, to pay someone with account details provided urgently, may not meet with your ordinary level of scepticism. You might not immediately think to call your boss to check the details.
Organised crime infiltration
Last week Cressida Dick, Commissioner of the Metropolitan Police, gave a speech warning businesses that organised crime had increased its activities significantly under lockdown, especially in the area of coercing employees, which is now much easier for them to do than before the virus struck.
Members of staff may be suffering financial hardship if perhaps they’re receiving a reduced salary due to furlough or are having to exist on Universal Credit or even if they have a partner who has lost their job. Offers of financial reward for access to systems, passwords, or other confidential information might be much more tempting to accept than in normal circumstances.
Similarly, payment of a ‘commission’ to put large amounts of money (invariably the proceeds of crime) through the business bank account. Thereby laundering the money, maybe more tempting to accept than before.
Business Fraud Warning: Phishing
Phishing is essentially a cyber-attack that uses the guise of an email or social media as a weapon. The goal is to trick the recipient into believing that the message they’ve received is something they want or need — a request from their bank, for instance, or a note from someone in their company or more likely at the moment, a call or message from a government department offering grants or loans.
The phisher attempts to get you to click a link or download an attachment. What distinguishes phishing is the form the message takes; the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with or at the moment HMRC.
It’s one of the oldest types of cyberattacks, and it’s still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated. What is concerning experts in the field is the increasing risk of fraudsters posing as part of the government’s contact tracing system seeking personal details.
Business Fraud Warning: Hacking
Hacking attacks are also increasing with the workforce moved to remote locations. In many situations, it might not be possible to maintain the ordinary level of IT security. Especially as many individuals working from home are using their private computers or tablets for work activities. Therefore their internet connections may not be as secure as desired.
This may provide weak spots for criminals to access systems and divert money, or to use the information obtained to commit other crimes, such as stealing Personal Protective Equipment because you know when and where it will be delivered or stored.
Frauds instigated by the business.
I now come to the final category, in which an individual or a business won’t be the victim, but the fraudster. Temping companies struggling to survive to apply for grants or loans to which they are not entitled.
The Furlough Scheme (CJRS) is especially vulnerable, primarily because it had to be created and implemented very rapidly. Unfortunately, the remarkable speed in which it was created and launched left many vulnerabilities, which a small percentage of individuals and businesses have taken advantage of.
This means it is relatively easy for a business to cheat and claim furlough money when staff are still working. As at 1st June, HMRC had received 1,868 reports of fraud to its digital reporting service.
Business Fraud Warning: What should you do?
It would be best if you tried to ensure that all staff, especially those working remotely, are aware of these risks and take extra precautions. For instance, any new supplier’s bank account or any changes in bank details for an existing supplier should be checked with a phone call using the pre-existing contact information.
If remote working systems did not initially include all the security features you would have liked, consider whether these can now be enhanced. If you feel staff might be vulnerable to approaches from organised crime, try to find what actions may mitigate this. For instance, individuals who feel valued by their employer will be less likely to succumb (though not immune) to offers of cash from criminals.
So, look at what you can do to help keep employees engaged, even where working conditions are demanding, or employees are furloughed. Also, make sure the staff receives regular guidance and alerts about factors which might indicate fraud.
If you would like more detailed information on some aspect of UK Tax, send me an e-mail and I’ll be pleased to advise further.