In recent years there has been a dramatic increase in the number of attempted and successful scams against businesses by means of fraudulent emails. Fraudsters have various ways of trying to trick businesses into divulging personal, financial, security or customer information. Email fraud extorts money and information from businesses in many ways, including impersonating a senior member of the organisation, a supplier or creditor to the organisation, or a reputable organisation that the organisation deals with, such as a bank, utility provider or the Revenue.
The emails tend to convey a sense of urgency, in the hope of getting the recipient to bypass normal business controls. They may indicate that something is wrong or that money will be lost if action is not taken quickly (e.g. a tax refund due to expire, or late fee charges).
Some fraudulent emails may include a link or attachment that, when clicked, downloads malicious software (malware) on to the recipient’s PC or device. Some types of malware track activities that take place on the computer or device and can record and pass financial, personal, business or security information to the criminal.
The fraudster then uses the information to steal money from business accounts, to carry out unauthorised card transactions or other criminal activity.
- Businesses should have a specific documented internal process for the arrangement and authorisation of payments. Any requests outside of that procedure, especially if received by email, should be regarded as suspicious.
- All staff should be trained in and familiar with fraud prevention procedures and good email practices, including:
  - Not responding to any email seeking financial, personal or security information unless they independently verify (ideally by phone) that the email came from the company or person it claims to be from.
  - Never giving away security details, such as a PIN or full online banking password.
  - Never clicking on a link or attachment in an email until it has been verified.
- Businesses should ensure that they have appropriate IT and data security in place and should seek independent advice if in-house skills are not available.
- Go with your instincts. If something feels wrong, stop. Remember, it pays to pause.