They’re reportedly neglecting to take basic precautions to protect themselves. The research found that only half of business check the details of an emailed invoice when asked to make an online payment.
Invoice fraud is one of the fastest-growing scams for UK businesses. In its most recent report, UK Finance says that invoice scams were the third most common type of authorised pus payment (APP) scam. A whopping £49.3m was lost by victims as result of invoice scams in the first half of 2018. The majority were from non-personal or business accounts.
Among those who said that we would check the details, two fifths said they be satisfied by calling the number on the invoice email – leaving them equally vulnerable to scammers who can impersonate legitimate payees over the phone.
Just under two fifths (39%) of business owners and business owners and senior managers said the would agree to pay fees to their accountants using a new bank account following an email request, without making any checks to find out if the request was genuine.
Sue Douthwaite, managing director of Santander Business, said: “I would strongly urge business owners and managers to ensure they have robust controls in place to prevent fraud. Before attempting any payments, businesses should always double-check the details directly with the company and in cases of suspected fraud, contact the bank immediately.”
Five risk areas: Typical business frauds
- External attacks. Identify any areas that might be vulnerable to hijack, such as a large transfer of money to a supplier. Ensure the process for completing the payment is secure, for example by verifying account details from two separate sources.
- Payroll fraud. Look out for warning signs such as an ex-employee kept on the payroll (with pay diverted to the fraudster), employees manipulating timesheets to increase their hours or an employee who requests an advance which is never paid back.
- Accounting fraud. An employee might manipulate the company’s accounts to cover up a theft or use the company’s accounts to steal. Look out for expense account fraud, such as forged receipts or double claiming for expenses. Run spot-checks on your accounts, including accounts that have been written off by the business.
- Supplier fraud. This can be committed by suppliers on their own or in collusion with an “insider” employee. Examples include an employee who accepts a payment in exchange for giving an advantage to a particular supplier, or where a supplier inflates invoices to charge the company for more goods that it provides or a higher price than was agreed.
- Look out for employees who are unwilling to take annual leave or seem reluctant to let others get involved in their work (out of a fear that the fraud will be discovered). Implement compulsory annual leave in high risk areas.
- Low-level theft or fraud. Don’t forget about the cumulative impact of theft from your company. This could include anything from theft of petty cash to misuse of company services, for example using company services or resources, such as a company car, for personal use.
- Assemble the right fraud-busting team. Gather a core team of people – including a representative from HR, IT, finance and management. Involve your legal advisors as soon as possible and consider whether you need other external help, such as IT experts to capture and secure all data.
- Keep it confidential. It is important not to make the fraudster aware of your suspicions as you risk them interfering with evidence. Be aware that other employees might tip off the fraudster and keep your suspicions to as few people as possible.
- Investigate. Obtain as much information as you can before anyone is questioned. Keep copies of all financial information, including copies of payrolls, expense reports, invoices and credit card statements. Ensure that electronic records are preserved. Keep detailed notes but be aware that any documents you create may be disclosable in legal proceedings.
- Consider your legal options. Depending on the circumstances, and legal advice, you could terminate the employee’s employment, bring a civil claim and/or bring a criminal prosecution against the employee. You may also be able to make an insurance claim.
- Consider your controls. Implement a ‘fraud response plan’ so that everyone knows how a potential fraud should be dealt with in your business and who is responsible for investigating it. This also means that employees know that your organisation is serious about fraud.
The danger of fraud if left undiscovered is that the perpetrator becomes emboldened and repeats the behaviour. We have known situations where detection has taken five years or more by which time small amounts of expense fiddling have graduated to large thefts with a real impact on the bottom line.
Often it is a company’s auditor who spots irregularities but sometimes it can be an employee whistleblower or a change of manager who highlights a reason for suspicion. The only lesson for business managers is to be ever vigilant.
Hannah Fitzwilliam is from the dispute resolution team at Kingsley Napley LLP.