In part one of our blog series we looked into several types of business fraud and how to make sure your business stays safe.

Fraud can be devastating for SMEs, and as a business leader, it’s necessary to make sure you’re aware of what could be around the corner in order to take precautions.

In this blog, we look closely at ‘phishing’ and also give a handy checklist of steps to take to keep protected.


What is phishing?

Phishing is a form of fraud that makes use of both technology and social engineering. It revolves around attackers sending deceitful digital content to a business in the hope of getting it to divulge sensitive or crucial business information, such as financial details. This could take the shape of computer viruses, false emails, false website pages, or scam phone calls.

How to stop phishing attacks

While phishing can take shape in multiple forms, there are some preventative steps that can be taken to improve your business’ resilience to it.

Anti-virus software: Most Windows computers will come pre-packaged with an anti-virus: Windows Defender. Though, some businesses may wish to invest in alternative/supplementary options. These can be bought with enterprise licenses for hundreds, if not thousands, of devices to be secured.

These days though, anti-viruses aren’t just for PCs. Mobile phones, especially those running Android, can be attacked. So, make sure your anti-virus provider of choice also supports mobile devices.

Secure your accounts: In this modern age, it’s sometimes not enough to just have a strong password. While strong passwords are recommended, they alone cannot defend against business phishing attacks.

To truly secure your business, you’ll need at least one form of two-step verification for login attempts. This can come either from an MMS-based verification code or from an authenticator application installed on a central device.

There are also physical forms of two-step verification, such as USB keys and fingerprint scanners, which will only permit access when such tools are connected to the device attempting to log in.

Know the signs: Phishing can be hard to spot, but it is absolutely possible to do so. Common forms of business phishing involve:

  • Email spoofing – attackers will impersonate senior members of a business, attempting to get recipients to carry out tasks for them.
  • False links – some emails and other correspondence will appear legitimate, but on closer inspection the false signs become apparent. These can include falsified links behind anchor text or the borrowing of official company assets such as logos to make an email seem legitimate. They can be spotted by hovering over any links in emails before they’re clicked, along with an internal policy to use only certain images and assets in emails, distinct from publicly available assets.
  • Pop-ups – in the early days of the web, pop-ups were a frequent occurrence. Nowadays, however, they’re much less common. This is because of ad-blockers and the general suspicion around them. Though, they do still appear. Ensuring pop-ups are blocked within your company network can significantly reduce the success of a phishing attack.

Securing company connections: This final tip is especially useful for remote employees that work from home or in public places. Any company-issued tech should ideally be protected via a VPN. This will tunnel any outgoing traffic through a trusted network within the business and help employees to access any on-site resources such as network storage.

Business fraud prevention checklist

Of course, all these kinds of fraud will have their own specific solutions and methods of defending against them. But, to ensure your business is broadly covered, we’ve developed this 10-step checklist:

  1. Refresh your employees’ fraud awareness training. Get involved with national counter-fraud campaigns such as Take Five.
  2. Ensure processes are in place for flagging suspected fraud attempts, and that they are regularly tested for effectiveness.
  3. Review account access for your business current account and business savings accounts.
  4. Promote transparency within the business with a supportive, honest environment. Lead from the front in fighting against fraud by setting the tone from the top.
  5. Frequently schedule payroll check-ins.
  6. Ensure technology is updated and secure – laptops, desktops, and work phones.
  7. Review your data storage - are checks stored securely?
  8. Consider your business insurance - does it cover fraud? If so, what types?
  9. Ensure business information is accurate and up to date on Companies House.
  10. Run credit checks on new customers. Look out for delayed/slow repayments and any outstanding finance. Also establish if the customer or business is genuine – do they have an online profile? Is the business location genuine? Do any accounts show an unexplained uplift, etc.?

Helping your business stay financially prepared

As you can see, fraud can be a major inconvenience. Thankfully, with these methods, you can avoid it and make your business more resilient to its impact.

As another layer of protection, Aldermore offers business savings accounts devised to keep your financial planning in check with a safety net.