Fraud Advice for Businesses
What is Fraud? Fraud is a crime in which some kind of deception is used for personal gain. Fraud is sometimes also referred to by other names such as a scam or con. Businesses are often targeted by fraudsters seeking large financial gain. The main types of electronic frauds aimed at businesses are detailed below. If you have been the victim of fraud, contact Police Scotland on 101. Accommodation Frauds There are two main types of scam in operation relating to accommodation. Online bookings - where the fraudster uses stolen credit card details to make payment either via the business s own website or an online booking agent. The fraud is only discovered once the business is alerted by their card payment provider and this is often after the fraudster has stayed at the accommodation. Over payment - this is where the fraudster contacts the business, usually by email, pretending to make a booking. The fraudster either pays by cheque but makes the cheque out to more than the cost of the accommodation, or by credit card asking for extra to be taken to cover the cost of meals or outings. The fraudster then requests the extra money be paid back to a different card or account, due to a change in circumstances. It later transpires that the original cheque or credit card details used were stolen. Businesses providing accommodation should be suspicious of any person trying to make an over payment or asking for a refund to a different card or account. Consider having your IT department check the email header details, to ascertain the origin of suspicious emails.
On occasion a search engine may already show blogs relating to email addresses used by fraudsters. Be suspicious of an individual claiming to be making a company booking who uses a free email address such as @gmail, @yahoo or @hotmail. Business account change fraud This is when a business receives an email or letter purporting to be from a supplier with whom they have an account. The email advises that the supplier s banking details have changed and further invoice payments should now be made to the new account details, provided within the correspondence. Often the supplier s correct letterhead and employee names are used. If sent by email, the email address will be very similar to the correct email address. This may not be discovered until the real supplier begins to chase up the payment from the victim business. Always be suspicious of correspondence relating to a change of banking details and make contact with the supplier direct to query this, using contact details you know to be genuine. If you suspect you have received a fraudulent email or letter please contact Police Scotland on 101, so the details can be recorded. Business telephony fraud (sometimes referred to as phreaking) This is a type of electronic fraud whereby a company s internal telecommunications system is hacked into by criminals and used either to redirect calls, or to dial premium rate telephone numbers, the revenue from which is paid to the criminals. By using auto-dialler programs, the criminals can make multiple calls simultaneously, each call generating revenue, sometimes to the value of thousands of pounds before the fraud is detected.
It is not unusual for a business to receive silent calls or suspicious calls prior to falling victim to this fraud. This is because the fraudsters are trying to ascertain the hours of business so they can set up their hack after office hours. Not surprisingly this fraud is often perpetrated over a weekend allowing the fraudsters to evade detection for longer and to make optimum financial gain. Businesses should ensure their telephony systems are secure and passwords are not on default settings. Losses can be in the thousands, so it is well worth taking the time and expense to implement or improve security. Long firm Long firm fraud starts with the fraudster placing numerous small orders with wholesalers and paying promptly. Having established a good credit history and having won the trust of their suppliers, the fraudsters then place several larger orders. However once these goods are received payment is not made and it becomes apparent the contact details provided are false. Consider checking the business on Companies House to see how long it has been in operation - new companies may present a risk. Website addresses can be checked online to see how long the site has been up and running. Again, be suspicious of newly created sites or where the site owner s details have been anonymised. Google maps is a good tool for checking if an address exists but be aware the fraudster may use an address and company name similar to that of a genuine company. Short firm This is similar to long firm fraud but it takes place over a shorter timescale. Usually, the business doesn t try to establish any form of credit history or credibility. The fraudsters use credit to obtain goods that are delivered to third-party addresses, often on multioccupancy trading estates.
Police Scotland has received several reports from local businesses where a fraudster often purporting to be calling from a business, phones up, usually from a mobile phone, and passes stolen credit card details over the phone to make a purchase of a high value item, such as plant machinery. Sometimes several credit card details are passed before the transaction is successful and on occasion the fraudster asks for payment to be made over several cards. The fraudster thereafter arranges his own courier to uplift and deliver the item. The courier company is also paid using stolen credit card details. In transit the courier receives a call to have delivery redirected to another non-specific address in a street or industrial estate. The victim business discovers the scam when it is contacted by its payment service provider advising the payment was fraudulent. Be suspicious of unusual requests, such as purchase requests made by an individual who provides contact details very far away from your business, especially if in all likelihood the items could have been purchased closer to home. Also be wary if credit card details are rejected and the caller tries other cards, especially if these are in different names, or the caller requests payment to be made over several cards. Again, consider carrying out similar checks as suggested in the Long Firm fraud section. Ransomware This is a form of malware that attacks small to medium sized businesses. A common form of this is the Cryptolocker ransomware. Mac computers appear not to be affected. The fraudster sends an email carrying a malicious file, possibly purporting to be from a legitimate business. Once opened the malware encrypts all the files linked to that computer and makes a demand for payment to have the files decrypted. Making the payment will not release the files.
Do not click or download unsolicited email attachments and ensure your computer virus protection is up to date. Consider backing up important files and store them off your business network. If a computer becomes infected disconnect it immediately from the network and have it checked and cleaned by a professional. Safe Account Fraud This type of scam is most commonly perpetrated against individuals but businesses have also been targeted. This is where the fraudster pretends to be calling from the victim s bank advising of suspicious activity on their account. The fraudster advises the victim to hang up the phone and call the number on the back of their bank card to discuss the matter but stays on the line and pretends to be a bank employee, before instructing the victim to transfer money into a safe account. Your bank will never ask you to transfer money into another account. If you receive a phone call apparently from your bank under the above circumstances, call into your local branch or phone your bank using a different phone. False Job Offers Fraudsters often target large international businesses with bases in Scotland, especially in the Aberdeen and Aberdeenshire areas due to the oil and gas industry. In this scam the business itself is not at financial loss but may suffer adverse publicity as a result. Fraudsters add fake jobs to jobseeker websites in other countries, often India, Nigeria and the Middle East. The fraudster advises the victim they have been successful in their application and have secured a lucrative post in Scotland. The victim is thereafter induced to pay various fees for visas etc.
Local businesses may receive contact from victims of this fraud and should advise the victim to contact their local law enforcement in their own country or region. Many local businesses have added warnings to the careers section of their website offering advice to applicants to be wary of such scams. A comprehensive list of the main fraud types can be accessed on the Police Scotland website at www.scotland.police.uk/keep-safe/ advice-for-victims-of-crime/fraud/main-electronic-fraud-types Remember Ensure you have adequate anti-virus protection on your computer and keep software up to date. Be wary of clicking on links or web pages especially links in unsolicited emails. Never give out login details in an email or over the phone, no matter how genuine you think the request is. Be wary of the information you are giving out on social networking sites (contact details, date of birth etc). Do not include you birth date or address in your email address. When you are finished with personal or financial documents, shred them before you throw them out. Be wary of cold calls, if in doubt, just hang up and never give out personal or financial information if you are unsure who you are dealing with. Call Police Scotland on 101 if you are unsure or require advice.
Useful links www.cifas.org.uk for advice on protecting your identity www.getsafeonline.org www.fca.org.uk Financial Conduct Authority www.equifax.co.uk for credit checks www.experian.co.uk for credit checks www.mpsonline.org.uk to remove your address from mass marketing mailing lists www.tpsonline.org.uk to remove your telephone number from mass marketing call lists www.royalmail.com to report nuisance mail
0721-14_p