The 5 scarily sophisticated scams targeting SMEs right now
Scam calls, texts and emails are increasing across the banking and fintech industry, and sadly the criminals behind these scams are getting ever more persuasive and sophisticated.
Many of the latest scams focus on convincing the business owners themselves to send the cash directly to the criminals. While you may think that you wouldn’t get conned, the scenarios are so slick it’s as if the criminals behind them had trained in acting at RADA, picked up tech tips at MIT and combed the script of Mission Impossible for outlandish plans.
We want to make as many business owners as possible aware of the specific ploys being used by fraudsters right now. So, if you find yourself in any of the following situations, alarm bells should ring…
Fraudsters can “hear” your activation code
Most people know not to disclose the activation or login code for their account to anyone over the phone. Scammers are now using this to their advantage. When they call pretending to be from a bank or finance app, they’ll immediately put customers at ease by saying, ‘We’ve detected fraud on your account and need to stop your direct debits. Of course, you know that for security reasons we’d never ask you to disclose your code to us on the telephone, so just please enter the code on your keypad.’
Little does the customer realise that by listening to the different tones their phone makes as they tap in the digits, the scammers can work out the code.
What to do: If you’re ever asked to share your activation code, don’t do it.
Spoofing “official” numbers
Just because you get a call from a number you recognise – your bank, business account, finance app or HMRC – it doesn’t mean it is legitimate. Fraudsters can generate the number displayed when you receive a call, so of course they are choosing numbers printed on official communications from financial institutions to convince their victims the call is genuine.
The criminal on the phone will usually be well spoken (no cliched Eastern European baddie accents!), acting the role of the ‘official’ with aplomb and sticking to a believable script. It takes real sophistication to keep the customer’s confidence on a lengthy call, all the while gaining trust and extracting information before convincing the victim, ‘Your money is at risk, we’re telling you to move your money to a safer place by sending payment to this alternative account’.
What to do: If you get a call you are not expecting, ask them to contact you via the post, or via a message on their app that you know is secure.
Hacking your suppliers
Watch out for emails from regular suppliers saying, ‘Our account details have changed, please use these new account details when you pay your next invoice’.
Fraudsters are researching companies to make calculated guesses about suppliers and sending out speculative emails. Before you know it, next time you do your monthly accounts you are sending money directly to the scammer’s bank account.
What to do: Double check that the email is in the usual format, from the usual person you deal with and always call the financial controller to confirm the change of details.
Infiltrating your organisation
Directors and employees from companies are searchable on the internet or on sites like LinkedIn, and email addresses are often available – or easy to work out.
One scenario becoming commonplace is that someone at an organisation gets an email from a manager asking them to buy gift vouchers as a reward for staff from a certain site, with a link provided. It happened to Dinah. ‘I had an email from my boss, asking me to order several thousand pounds of gift vouchers and saying that “confidentiality would be appreciated as it was a surprise”. I thought I was the chosen one, so I did it as quickly as I could. I actually sent the money straight to the fraudsters. I felt really silly but it was so convincing.’
What to do: Double check the email format and if in any doubt start a new email to that person, using your company address book, to confirm what they are asking you to do.
Funnelling away your Facebook marketing money
Many businesses have a Facebook marketing account for advertising, and criminals are exploiting this. John, a freelance developer, explains how he was scammed this way. ‘They presented me with a dodgy app showing a “sign in via Facebook” interface screen that looked genuine. So I entered my login details, which the scammers used to gain access to my account. I had a direct debit set up for advertising and they instantly spent £10,000 on Facebook marketing, getting free advertising for their fraudulent apps to extend the scheme further.’
What to do: Be wary of using “sign-in via Facebook” on sites or apps you haven’t used before, and make sure you regularly keep track of your Facebook Marketing spend.