Digital technology has been a godsend for many SMEs, but its growing sophistication means we are more vulnerable to online fraud and “scams” than ever before.
Take, for example, impersonation fraud. Also known as “whaling”, because scammers are targeting one high-level individual as opposed to many, impersonation fraud is when scammers pretend to be a company CEO in order to illegally extract money from the business.
The impact of this type of fraud has been felt especially among SMEs, with 53% of employee respondents to a Lloyds-backed survey saying they have been victims of scammers posing as their boss. Below are more alarming results from the survey, along with how to spot and stop this kind of fraud.
What does it look like?
Put simply, it’s when scammers use a senior employee’s personal data to impersonate them and defraud the company out of money. The scam takes two main forms: CEO fraud and invoice fraud. Both do the same thing: they mostly intercept email chains and change banking details so that the scammers receive the funds.
Here are some tell-tale signs:
- You receive a change in bank details from a supplier or other contact.
- You receive unexpected emails from your boss or from another senior employee asking you to make a payment.
- You are sent a flurry of emails, texts or voicemails from companies asking you to reveal personal information (also known as “phishing”).
Why are SMEs the target?
It’s likely that scammers pursue the “Trojan horse” method of infiltrating an SME because of its smaller size and close-knit work structure. In a small to medium-sized work environment, employees are more likely to have direct contact with senior members of staff, including frequent and more casual email exchanges with CEOs.
Scammers take advantage of these high levels of contact and trust to secure their funds illicitly.
A common manifestation of impersonation fraud is found via an email exchange. Scammers start by gaining access to an email trail containing payment information and change the beneficiary bank account details.
Employees commonly regard email chains as legitimate, especially when they come from an internal source. Be sure to double-check any bank or financial details sent via email as the exchange continues. Also remain vigilant when processing invoices over email: scammers are also known to pose as suppliers and change the invoice details.
When we think of digital fraud, we usually envision large-scale cyber attacks that hit all levels of a company’s structure. But impersonation fraud is different, and no less sophisticated for being so. These scams have negatively impacted up to 454,960 companies in the UK, and according to the survey, the risk has risen by 58% – and looks set to get worse.
Businesses most affected by impersonation fraud are those that tend to store the most sensitive and personal data for their clients.
Here are the statistical threat levels facing certain industries:
- Law – 19%
- HR & IT – 17%
- Finance – 16%
Financial drain and job losses
According to the research, SMEs are losing an average of £27,000 per year to these scams – that’s equivalent to the average salary expectation in the UK. Net losses have also led to an estimated 6% of fraud victims being forced to make employees redundant due to the financial drain impersonation fraud causes.
The research shows a lack of awareness about what impersonation fraud looks like, even when employees have already been victims of it. This makes them less likely to blow the whistle on future suspicious activity, which leads to a cycle of financial loss and data vulnerability. Only 20% of victims asked by the survey said they now think twice when receiving an email request at work.
The key to stemming the flow of impersonation fraud rests in educating staff on the signs, having organic and cost-free prevention strategies in place, and promoting an open company culture. This includes double-checking the validity of any email threads that contain financial information or demand funds.
This also depends on the company culture in place in any SME that experiences fraud: a culture of transparency and communication must be in place where employees do not feel intimidated to question emails sent by higher members of staff.