Cyber Attacks in 2022 are much more frequent and more complex because they are enabled digitally. To stay secure against business impersonation fraud, it’s important you are educating your staff and making sure they are verifying payment details before paying invoices.
Figures from ,UK Finance show the number of impersonation scam cases has more than doubled in the first half of 2021. These scams resulted in criminals stealing £129.4 million through this type of fraud in the first half of 2021. In the same period last year, there were nearly 15,000 impersonation scam cases which led to £57.9 million being stolen.
Criminals stole £129.4 million through Impersonation Fraud in the first half of 2021. via UK Finance.
This type of Business Impersonation Fraud is when the attackers attempt to spoof or take control of a senior leader's email address.
Often attackers will send emails that request a payment to be made urgently, your staff should double-check the sort-code, account number and amount(s) that are being requested to avoid falling victim to this type of fraud.
We recommend that your staff are aware that they should gain a verbal confirmation of any payment request they receive from senior management.
,Supplier Invoice Fraud is a type of Business Impersonation Fraud is when a cyber-attacker will send a fake invoice hoping that it will slip into your inbox unnoticed and is paid without question.
Often cybercriminals will have spent time researching before sending out the invoice to staff. They will look to send the request at periods where they will have the maximum chance of success - busy payment periods (payroll weeks, end of tax year, Christmas).
Research for the ,Take Five to Stop Fraud campaign found that 19% of people feel uncomfortable saying ‘no’ to a request for personal information from a stranger via email or text. With the number rising to 23% when taking requests on phone calls - this could leave them at risk of an impersonation scam.
92% of people admit to saying ‘yes’ because they don’t want to appear rude. Saying ‘I’m not sure’, ‘I don’t think so’, ‘Let me think about it' or ‘I can’t at the moment’ all can give criminals a way in.
The Take Five to Stop Fraud campaign advice is to:
STOP: Take a moment to stop and think before parting with your money or information that could keep you safe.
CHALLENGE: Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
PROTECT: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.
The Cyber Resilience Centre can deliver your staff ,security awareness training through a half-day session either online or in person in your office. Our security awareness training session is interactive for attendees and builds upon key learnings through examples specific to your business and the industry you work in.
Ready to prepare your staff with security awareness training? ,Contact us today to learn more.
Click to Open Code Editor