HSBC UK: New fraud data & insight tied to ‘Black Fraud-Day’
With unscrupulous scammers attempting to turn Black Friday into Black Fraud-Day, HSBC UK is encouraging UK businesses of all sizes to help keep themselves and their customers safe as they enter a pivotal sales season.
David Callington, HSBC UK’s head of fraud, warned: “Unscrupulous scammers aren’t just targeting individuals in the lead up to the biggest sales and service season of the year, but also businesses of all sizes. We’ve seen an increase in businesses being targeted by fraudsters and cyber criminals this past quarter, especially when making payments for products or services.
“The fight against financial crime is strongest when we all work together. We’re working 24/7 to protect all our customers, and we encourage them to also educate themselves and their staff on the tactics used by unscrupulous criminals in what is often the busiest and most important time of year for many across the UK.”
Most common scam and fraud attacks impacting UK businesses right now
- Purchase Scams: Purchase scams happen when you’re paying for an item or service, however the sender has no intent to provide it. New scam data from HSBC UK has shown the average purchase scam amount perpetrated against its business customers reached £2,960 in October this year – with volumes increasing year over year.
- Business Email Compromise: A sophisticated scam targeting businesses that make regular payments, tricking them into making payments to a fraudsters account instead of the genuine payees account. HSBC UK has seen an increase in the number of cases in October this year vs in the previous three months.
It may occur when an email account is:
- spoofed: The fraudster creates an account that is so close to the real suppliers or owners correct address, that most people would miss the change. For example: @CompanyABC.com instead of @CompanyACB.com
- compromised (hacked): The fraudster is able to gain access to the supplier’s email account or one of the business’ senior staff’s email account. They may achieve this through the use of malware (virus) or by obtaining the email password through another method, such as a vishing call.
Fraudsters use spoofing or hacking to make payment requests, which are often aligned with genuine activities of your business. Fraudsters will replace genuine invoices with ones that include their bank account details under the disguise that the company has changed/has a new bank account.
Business Email Compromise often used to commit CEO Fraud, which is where criminals impersonate the CEO or other senior members of staff in the organisation and send emails to the accounts department to make a large payment urgently. They often time this so that the manager they are impersonating is away and the details are difficult to verify, they impersonate senior management to play on their authority.
Added Callington: “Fraudsters like to strike when businesses are at their busiest, knowing that staff could be helping out or re-assigned to unfamiliar tasks like making purchases or paying invoices. Make sure any and all staff are aware of the risk of scams and fraud when making payments or paying invoices.”
How to protect your business from scams and fraud
- Purchase scams are one of the most common scams impacting UK businesses right now. When making purchases online for your business:
- Review the webpage and address for misspellings, additional characters
- Research the company before making a purchase (including with buzzwords like ‘scam’ and ‘fraud’ to see if there are negative reports);
- Always use a secure payment method and be wary if asked to make bank transfers upfront
- Remember, if the offer is too good to be true, it normally is
Criminals can access or alter emails and invoices to make them look genuine. When paying a supplier for the first time or when making changes to a financial arrangement:
- Always confirm any changes in bank account details directly with the company either on the telephone or in person before making the payment.
- Do not use the contact details in an email as this could be the fraudster, instead use details of a known contact in the organisation or from their official website.
Educate yourself and your staff. When business is busy, sometimes people aim to help out or are assigned unfamiliar tasks like making purchases or paying invoices:
- Make sure any and all staff making purchases, payments or processing invoices know what to look out for and what to do before making any payments.
Encourage an open culture and have a procedure in place for staff to escalate concerns.
- Look out for the latest updates and advice from your bank or financial services provider. For example, HSBC’s Fraud and Cyber Awareness app (iOS, Android) is available to all, and their popular fraud and cyber awareness webinars are available for free live or on demand.
- If you think you may have fallen victim to fraud or a scam, contact your financial service provider immediately.
- If you’re an HSBC UK customer, and you’ve authorised a bank transfer or bill payment and now believe you’ve been the victim of a scam, you can call us 24 hours a day, 7 days a week. Visit Fraud Reporting | HSBC UK to find out more.