Why cybercrime matters
44% of businesses1 suffered losses due to cybercrime, with an average of £35,000 lost. Find out how cybercrime could affect your business and what the risks are.
Understand cybercrime and fraud risks
Keep your business safe online
Find out how to protect your business against impersonation fraud and invoice fraud, and help save yourself from loss of business and reputation damage.
Explore our videos or watch our webinar.
Fraud and scams today
A cyber crime or fraud attack could have devastating effects for your business, such as preventing you from selling online, damaging your brand or even driving you out of business.
You can take action to help prevent this. In this article we give you some tips on how to spot some of the signs of common types of fraud, so you and your employees know how to keep your business safe.
Protect your business against fraud – stay alert to these scams
-
Investment scams
Fraudsters posing as sales staff offer the chance to invest money in everything from shares, gold and land to carbon credits and vineyards, but the investment is fake. Sometimes, fraudsters use publicly-available information to impersonate genuine companies and staff.
- Stop and think – if it seems too good to be true, it probably is. Any ‘investment opportunity’ that pops up out of the blue is likely to be a scam. Scammers do background checks on targets – for example, they might look for people who’ve recently retired, sold a business or come into a large inheritance and tailor their pitches to them
- If you’re thinking about making an investment, make sure you do plenty of research. You can check the Financial Conduct Authority’s (FCA) register and warning list to see if a salesperson you’ve spoken to is genuine – the FCA lists unregulated firms and individuals that operate without authorisation, which can help you avoid scammers
-
Purchase scams
Scammers trick businesses into buying products that don’t exist, such as vehicles, machinery or office supplies, through websites or sellers that seem genuine. The goods or services are then never received.
- If you’re planning to buy something from a new website or Marketplace, make sure you research the company and check genuine customer reviews
- Avoid making a big first-time order – if it seems too good to be true, it probably is
- Try to see the item in person first – providing it’s within government guidelines to do so
- Check any documentation and serial numbers carefully to ensure what you’re buying is genuine and if there’s a good reason why the cost may be lower
-
Impersonation scams
Scam calls
Fraudsters call businesses pretending to be organisations such as banks, HMRC, the police, or internet and phone companies. They usually ask for personal or bank details, ask you to make payments to another account or ask staff to download software that gives them control of that staff member's device and access to the business’ bank account.
- If you get an unexpected call, never tell them your personal or bank details such as your PINSentry codes
- Never transfer any money and don’t download any software or give them access to your device. Instead, call the person back on a trusted number you already have on file
CEO fraud
Fraudsters intercept emails from directors, CEOs or other senior staff members, and pretend to be them. Scammers then ask staff members to make payments to fraudulent bank accounts.
- If a colleague asks you to make a payment to new bank details, check that the request is genuine by calling your colleague on a trusted you already have on file
Invoice fraud
Fraudsters take over email addresses and intercept email conversations. They then send genuine-looking emails that ask businesses to send money to different bank accounts, and change the bank details on real invoices. The business is then conned into sending large amounts of money to a criminal’s bank account.
- If you’re asked to update the bank details you have for a supplier – or if you get sent new bank details to pay an invoice – always call a contact you know, to check the request is real. Don’t reply to the email address or use the details they send you, but get in touch with someone you already know and trust
- Make sure all of the staff who work with payments know about this type of scam
-
Social engineering
Phishing
Phishing is when fraudsters send emails pretending to be from a genuine company, to get you to click on links, open attachments, make a payment or provide personal details. Before you take action, you should
- Check the sender’s email address and details are correct
- If there’s a link in the email, hover over it before you click on it – it’ll then show you where the link takes you. If you don’t trust it, don’t click it
Smishing
Smishing stands for SMS phishing – it’s phishing but with texts instead of emails. Texts appear to come from a company you deal with, and usually ask you to click on a link, make a payment, send personal details or call the company back on a premium rate number.
- Be wary of following instructions you receive in a text. If you can, check the request is genuine by getting in touch with the company by a trusted email address or phone number
- Don’t click on links in texts from unknown sources. If you do, be wary if the linked address is different to what’s in the address bar when you’re redirected
Vishing
Vishing is when fraudsters trick you into giving details over the phone. They can then use this to access your accounts and open new accounts under your name.
- Vishing takes advantage of how easy it is to impersonate phone numbers, so be wary even if you receive a call from a number you recognise
- Always be alert when you get a call from a person you don’t know. If they’re asking questions that you don’t feel comfortable answering, end the call and contact the company using a contact method you know (such as live chat or trusted email)
-
Malicious software
Ransomware
Fraudsters use ransomware – a type of malicious software – to lock your computer. They then send a pop-up message demanding money to unlock it. Ransomware is downloaded automatically when you click a malicious link that’s designed to look harmless – these links are usually found in emails, and on websites and social media.
- If you get an unexpected message asking you to follow a link – or see a link on a site or profile that doesn’t looks genuine – always check it’s real before doing anything, regardless of who appears to have sent it
- Back up your files using external storage means – then you can still access them if you do fall victim to this scam
Trojans
Trojans are a type of malicious software (malware) that seem harmless but actually contains damaging files or software. Fraudsters often send emails containing Trojan links and attachments – if you click on these, malware can be downloaded onto your device that gives scammers access to your passwords and log-in details. Some types of malware let fraudsters alter and access your files and even use your computer to attack other computers.
- If you get an unexpected message or email asking you to follow a link or open an attachment, contact the company to check that it’s real
- With so many businesses working remotely, it’s even more important to make sure your online systems are up to date and protected with the latest anti-virus and firewall software
You might also be interested in
Prevent social engineering
A large number of cyber criminals begin their attacks with social engineering – learn how to spot this type of fraud, so you have a better chance of stopping attacks before they start.
Common cyber threats
From trojans to treading carefully with public Wi-Fi, get clued up on the most common kinds of attacks.
How to protect yourself and your business
Find out a few ways to stay safe online, like using malware protection and managing who needs access to what.
Webinars to support UK businesses
Our webinars, hosted on EventBrite2 aim to help protect businesses by giving real insight into important subjects, such as risk and security.