CIO

CIO upfront: Never think you can’t be a victim of fraud

As Money Week kicks off, Matt Spehr of Western Union Business Solutions shares some thoughts on how SMEs can keep their businesses protected from criminal activity

For SMBs, the impact of fraudulent activity can be the end game

Fraudulent behaviour can take place anywhere, at any time. It doesn’t matter if you work for a big global business or if you’re a startup working from your home office - fraudsters are always on the lookout for their next victim and the worst mistake a business can make is thinking that it won’t happen to them. 

Tech services providers are continually developing fraud detection, prevention, security and investigation capabilities. 

However, it is usually information provided by third parties to businesses, which is not verified by the business, that can result in the fraudulent activity. 

The biggest fraudulent problem facing businesses right now is business email compromise – a form of phishing attack where a criminal impersonates someone known to the victim via a business relationship and attempts to force the victim into transferring funds. This is a global problem which is only becoming a greater threat as the years go on. 

When it comes to small businesses, which make up 97 per cent of businesses in New Zealand, the risk of business email compromise is even higher. Typically, in a small business, there’s usually one person doing the finances, the stock take, the distribution and more. This means there often aren’t the structures and policies in place to think about fraud and therefore it doesn’t usually fit into the day-to-day routine. 

What we’re finding is that fraudsters try to avoid compliance and law enforcement by tapping into relatively small transactions – ranging from $5,000 - $50,000 – providing them with a lower risk of being caught.  

Once the transaction has been made, it’s extremely hard to track the funds and so the underlying threat is where the money ends up.

In our experience, we see these funds commonly being transferred to Hong Kong or China and we’re also seeing growing trends in Mexico and Africa. 

Credit: Supplied Art

Always speak up if you have concerns. Don’t do the transaction and then think about it afterwards, as it may be too late

Matt Spehr, Western Union Business Solutions

For small businesses, the impact of fraudulent activity can be the end game. 

Unlike some of the bigger players, SMEs may be unable to write off a $50,000 scam, which puts them under greater threat and vulnerability.

It’s our job to protect these businesses and ensure they have rules in place and know how to spot business email compromise. 

Key signs to look out for?

  • You receive a notification that the country for the beneficiary bank for an invoice has changed.

  • They are asking to change the beneficiary of the payment either to an individual or combined with a company. 

  • The reason given for change of beneficiary bank.

  • Inconsistencies in the email such as times, font, spelling, grammar, structure.

  • A sense of urgency for the transaction to take place.

  • Look closely – often the email address may seem the same as you usually receive, but in most cases, it is slightly different.

  • Invoices provided are not of the same standard of real invoices from supplier.

Business email compromise is not sophisticated fraud and so the methods that businesses can take to limit their chance of falling victim can be quite simple. 

Be vigilant and look out for those key signs every time you are about to make a payment. The one rule that we give to all our clients is to verify - always do your due diligence if you receive an alternative instruction.  

If you receive an email asking to change banking instructions, phone your customer (using the number you already have on file) and ask them to verbally confirm the request. You will know instantly from this call whether or not the request is legitimate. It it’s not, it should be reported.  

3 pieces of guidance to help businesses conduct their due diligence

  • Always verbally verify new instructions from customers or suppliers

  • Never think that you can’t be a victim of fraud – it’s a mindset. Fraud is important and therefore you need to be thinking about it. 

  • Always speak up if you have concerns. Don’t do the transaction and then think about it afterwards, as it may be too late. 

Matt Spehr is head of customer relationship management at Western Union Business Solutions

Sign up for CIO newsletters for regular updates on CIO news, career tips, views and events. Follow CIO New Zealand on Twitter:@cio_nz