BBF's close shave with cyber fraud – and what we can all learn from it

In 2017 we had a near miss with a cyber fraudster, and it was clear from our experience just how easily any company could fall victim to these scam artists. Luckily, we were able to identify the threat in the nick of time and can tell the following tale as a cautionary one, instead of with regret.

It started innocuously, as is usually the way with these types of things. An email was sent to our accounts team appearing to come from our Managing Director asking them to make an urgent payment of nearly £10,000. The email was addressed personally to our Accounts Administrator and copied to her line manager – all information that was easily obtained from information on our website. An urgent payment request is not such an uncommon occurrence that it would immediately set alarm bells ringing and our accounts team set about dealing with the request in the usual way.

Due to the safeguards already in place with regards to signing off payments, no money could be transferred without senior management approval, but it was only at the final approval stage that it became clear the request was a fake and had come from an equally fake email address.

A few deep breaths later and it was clear how close we had come to transferring a large sum of money to an unknown party. Given the nationwide cost of fraud to businesses - estimated to be anywhere up to £144 billion a year - it's likely that we're not the only organisation in Buckinghamshire to have been targeted. So what can be done?

How to protect your business

Up-skill your staff to recognise the ‘signs’

Organisations should be proactive in ensuring their staff are as aware as possible about potential threats. Ensuring staff possess, at the very least, knowledge of typical signs of a scam like the email address of the sender being incorrect, and an unfamiliar email signature for the supposedly known sender (eg 'Kind regards' is an unusual sign off for an MD to one of their staff). We need to be vigilant for signs that let us pick up cyber fraud early especially given a recent report by the Reform think tank that revealed UK police are “terrified” by digital crime because they feel they themselves are lacking in basic online skills.  Getting any of your stolen money back after the event is a real challenge.

The same report also suggested that people are 20 times more likely to be a victim of fraud than robbery. With the cost of fraud to businesses estimated to be anywhere up to £144 billion a year it is essential that the people whose innocent mistakes could lead to financial loss are educated and trained in spotting and avoiding fraudulent activity.

According to the government, 33% of small businesses and 65% of large businesses reported a cyber breach or attack in the past 12 months. Meanwhile, a British Chamber of Commerce survey found that 21% of businesses “believe the threat of cyber-crime is preventing their company from growing”.

Bringing staff into schemes like Cyber Essentials, or any work you do on cyber security and fraud prevention, is a sound idea.

Cyber Essentials

The government has developed an accreditation scheme that organisations are advised to complete in order to understand good practice around cyber security.

Cyber Essentials is designed to help protect organisations from the most common online threats by putting in place good basic provisions to fight off security threats. Under this scheme, organisations can gain 1 of 2 Cyber Essentials badges to show that they have done the necessary work to ensure they are as safe as possible from cyber attacks.

As of 2014, the government requires all suppliers bidding for certain sensitive and personal information handling contracts to be certified against the Cyber Essential scheme.

What to do if you encounter potential fraud

Action Fraud is the UK’s national fraud and cyber crime reporting centre and is where you should report any potential or successful fraud or cyber crimes.

Contact our business support team

Get in touch with our business support team to talk through any queries you may have. While we can't prevent fraud, we can offer an ear and some advice to point you in the right direction. Call 01494 927130 or email [email protected].