While business owners are likely to suffer from the same scams and fraud attempts as individuals, there are specific factors that may uniquely affect a business.
Statistics taken from the National Fraud Intelligence Bureau (NFIB) show that in the past year there were 160 fraud reports by organisations within the Cumbria Police remit and this was worth £2.1m in reported losses, with the majority being reported by Limited Companies.*
Business fraud relates to a number of different sections of a business including those of staff, customers, suppliers or third parties. In any business you should be aware of potential risks and ensure that your staff are constantly updated.
You should:
This occurs when someone purchases goods or services from the business and gives them a cheque as payment, however the cheque is later identified as fake or altered by the bank and so effectively bounces.
As an example, if a cheque is given upon check-in for a hotel, by the time this has been deposited and cleared (or bounced if its fake) then the customer has checked out and disappeared. You should never dispatch goods or give a service before a cheque has fully cleared.
Someone may agree to buy goods, pay for a hotel, holiday rental etc at an agreed price but send out a cheque for a greater amount. They then ask that the additional funds are paid back to them by bank transfer to make up for the over-payment.
If the original cheque is then later identified as altered or fake, the business is left out of pocket for both the original goods/service plus the additional amount they returned via transfer.
At The Cumberland we have also seen occasions where fraudsters attempt to pass cheques off as slightly different saying that they are from an overseas bank.
You should always be cautious when accepting cheques and never return money until a cheque has fully cleared.
Employee fraud can occur in various forms, from falsifying overtime, to exploiting procurement (e.g. buying extra goods intended for work purposes such as stationary, and using for personal use) to payment fraud where an employee creates a fake record or processes false documents to generate a ‘dummy’ payment to their personal account.
Descriptions of other types of employee fraud can be found on the action fraud website.
This is where a supplier’s emails have potentially been compromised, and an invoice sent to a business - quite often expected - has altered payee details, so instead of paying the supplier, the money is paid to a fraudster’s account.
These can be hard to spot as often they come from the normal email address which has been dealt with previously. We would recommend that you always double check any updated payment details face to face or in person even if it’s from a known email address or the change has been provided on headed paper and looks legitimate.
This is where a supplier’s emails have potentially been compromised and an invoice sent to a business, quite often expected, but the payee details have been changed so instead of paying the supplier, the money is paid to a fraudsters account.
These can be hard to spot as often they come from the normal email address which has been dealt with previously. We would recommend that you always double check any updated payment details face to face or in person even if it’s from a known email address.
Malware is a piece of software that alters the way that your computer, tablet or mobile phone operates. In some cases it can allow the creator of the software to access personal information and data saved on the device, and in extreme cases can lock you out of your own device entirely, usually followed by a ransom request to allow the user to regain access.
To help prevent malware from being installed on your systems, ant-virus software should be constantly updated and your computer should have an active firewall.
You should also be wary of clicking on links that you’re unsure of or downloading attachments from unsolicited emails.
There have been instances where hotels / guesthouses have had issues around cardholder details where a booking is in one person’s name but paid for by a person with a different name. After the customer has stayed and checked out, the hotel receives a chargeback against them saying that the customer’s stay was fraudulent. When they check their details the names don’t match up.
You should always be cautious when bookings are taken and they aren’t in the name of the cardholder.
This can affect a business that has bought pay-per-click advertising and happens when the advert is deliberately clicked on in order to either inflate the company’s bill, or if clicked enough times, to end the run of the advert. Click fraud can be carried out manually but often involves a scripted computer programme. You should try to analyse the results of any advertising campaigns to check that they haven’t been abused.
In July of this year, a warning was raised of a scam involving a Cumbrian business that received a fake letter from Companies House claiming that they owed money for an ‘Enhanced Web Filing Access’ service that does not exist. The scam was even more convincing as it asked for a relatively small fee that could have been considered realistic.
Spelling errors in the letter and a request for the company to change their payment details were indicators that the letter was a fake.
You should always be wary of unsolicited contact that asks you to change payment details. Also with any letters, emails or texts, spelling mistakes and unusual contact details are an indicator that you should take caution.
Phishing occurs when a cyber-criminal sends a fake email or text as a way to get you to click on a link and give away your information. They often mimic a real brand but with slight differences such as spelling errors or the sender’s email address being different to the one you would expect.
Email scams offer the fraudster the opportunity to send their fake email to thousands of people at once. Many phishing emails hope to panicking the recipient into doing what they ask – usually sending money or crypto currencies, or to click on links that lead to fake websites.
Fraudsters often release fake websites which duplicate those of genuine organisations to get customers to contact them or input their banking details. A simple rule is that if you weren’t expecting an email then you should be wary of clicking on a link. Instead go online and type the correct web address in to your address bar or contact the organisation by a trusted method to find out whether the email was legitimate.
Read our further information on: current scams that affect individuals.
Protecting your banking or personal information is a concern for businesses as well as for individuals, but there are simple steps that you can take that will help reduce your risk of falling victim to fraud.
At any ATM machine, you should always be aware of your surroundings and if anything or anyone looks suspicious then don’t use the machine and notify the bank or building owner. This also applies when using your card in shops or anywhere that you may need to enter your pin number.
You should always keep your passwords safe and never tell anyone (including Cumberland staff).
Phone scams can be a particular threat to your personal data because the fraudster has the advantage of catching you off-guard. Always give yourself time to consider the nature of the call and don’t allow yourself to be rushed into a decision or action.
Read further information on: protecting your personal information for individuals.
We asked Katherine Thomson, Commercial Relationship Manager, to offer some tips for customers who aren’t sure whether it’s The Cumberland who is really calling them. Katherine had some points that our customers should know when it comes to what we would ask for, and what we wouldn’t:
“We will never ask for any card details, any Internet banking login details or any one-time passcodes. We would verify a customer by asking several security questions that are personal to yourself, that only you, the account holder would know.”
And if a customer still wasn’t sure that it was The Cumberland calling: “They should call the Cumberland on 01228 403141. When the call is answered our customer care centre will be able to view internal notes where the original caller will have left a short description of the reason for the call.”
Should the worst case happen, and you believe that you have fallen for a scam, typed your details into a fake website or given them out over the phone to a fraudster, Katherine explains: “Contact the Cumberland immediately. If calling out of hours the customer should leave a voicemail and a member of the fraud team will call them back.”
As a Cumberland customer, if you suspect that you’ve been a victim of fraud then please call us on 01228 403141 (Monday to Friday 8am to 7pm and Saturday 8.30am to 4pm) or visit your local branch as soon as possible to discuss how we can help. If your call is out-of-hours then please leave a voicemail explaining the problem and leaving your name and contact number.
You can report Fraud and Cyber Crime via the national Action Fraud website which has lots of information and you may find the following pages useful starting points:
Help and Advice
Cumbria Police have a detailed section on their website relating to business fraud. This includes:
Action Fraud is the UK’s national reporting centre for fraud and cybercrime where you should report fraud if you have been scammed, defrauded or experienced cyber crime in England, Wales and Northern Ireland.
The service is run by the City of London Police working alongside the National Fraud Intelligence Bureau (NFIB) who are responsible for assessment of the reports and to ensure that your fraud reports reach the right place. The City of London Police is the national policing lead for economic crime.
Their information includes free cybercrime protection and help for businesses.
*Stats taken from NFIB Fraud and Cyber Crime Dashboard
https://www.actionfraud.police.uk/fraud-stats
(Police area: Cumbria, 9th Oct 2023 – 8th October 2024)
These figures are based on a rolling 12 months of data from Action Fraud. Only fraud and cyber crime offences amounting to a crime under the Home Office Crime Recording rules are included. Victim is indicated as an individual based on selection during the reporting process and this has not been verified.