As a business owner, you are a target for specific and sophisticated types of fraud that aim to trick you or your employees into making illegitimate payments. These scams can be very convincing, but by implementing strong internal processes, you can create a powerful defence to protect your business's finances.
This guide covers the most common business payment scams and the practical steps you can take to stop them.
Understand the most common threats
- Invoice Fraud: A scammer sends you a fake invoice that looks like it's from one of your real suppliers. They may also contact you pretending to be a supplier and ask you to update their bank account details to a new account that they control. Any future payments you make will then go directly to the scammer.
- CEO Fraud: This is when a scammer impersonates a senior person in your company, like the CEO or a director. They send an urgent and confidential email to an employee responsible for payments, instructing them to make an immediate payment to a new account for a secret deal or to avoid a penalty.
Build your business's defences
The best way to combat these threats is to create clear, simple rules for handling payments that everyone in your organisation follows.
- Always verbally verify bank detail changes: If a supplier or contractor ever asks you to change their payment details, do not approve it over email. Call them on a phone number you already have on file and trust (not a number from the email itself) to confirm that the request is legitimate.
- Implement a 'four-eyes principle' for payments: For significant or unusual payments, require approval from two different people before the money is sent. This simple step makes it much harder for a fraudulent payment request from a single scam email to succeed.
- Train your team: Make sure anyone with the ability to make payments is aware of these scams. Encourage them to be suspicious of urgent or unusual requests and to always feel comfortable questioning a payment if something doesn't feel right.
- Scrutinise invoices carefully: Before paying, take a moment to check the details. Compare the bank account number to previous invoices from the same supplier. Look for any subtle changes in email addresses, company logos, or formatting that might indicate a forgery.
Good to know
A sophisticated form of invoice fraud happens when a scammer hacks into your supplier's actual email account. This means a fraudulent payment request can come from a legitimate email address, making it seem very trustworthy. This is why you must always be vigilant and why verbally verifying bank changes by phone is the only way to be sure.
By integrating these processes into your daily operations, you make your business a much harder target for fraudsters.
If you are worried you may have paid a fraudulent invoice, read our guide on What should I do if I suspect fraud on my account? for immediate steps.
Read more