When your phone rings, it can be difficult to know who you’re speaking to. In the first half of 2022 alone, people and businesses paid away £98.4 million to impersonation scams in the UK*. Impersonation scams are common, with fraudsters often claiming to be from your bank, the police, HMRC, or even someone senior in your business.
If a fraudster can deceive or manipulate just one person in your business, they may be able to bypass other defences by using technology such as fake caller ID, or spoof text messages containing one-time passcodes.
What can you do to help protect yourself and your business?
The National Cyber Security Centre (NCSC) recommends taking a ‘three pillars’ approach to online security, where the pillars are people, processes and technology. Having well trained people, clear processes, and the right technology in place helps provide a strong defence from fraud and scams.
Do your colleagues know what to look out for?
The people in your business are your first, and often strongest line of defence. Many organisations are targeted in an attempt to trick employees into sharing information or making a payment. Common approaches include ‘there’s a problem with your account that requires immediate action’ or ‘we’re investigating suspicious activity, and we need you to move your money to another account’.
Fraudsters are clever and often appear knowledgeable, using industry language and terms to make them seem more trustworthy. However, by training colleagues to spot red flags, you’ll actively be stopping most scams at their root. You can do this by:
Promoting open discussions about scams and online security in your business
Encouraging everyone to double check, and challenge anything that looks suspicious, without the fear of repercussion if it turns out not to be a scam
Do you have established payment and reporting processes?
Scams often rely on placing people under pressure, encouraging them to act quickly and without thinking. Even with the best training in place, mistakes can happen. That’s why having simple, easy to follow, payment and reporting processes creates a second line of defence. By embedding simple processes into your business, you’ll be helping to make sure that if anything slips through the cracks, it’s easily dealt with.
Key processes you could use in your business are:
Making sure two different colleagues independently check payments before they’re made. You can use the ‘dual authorisation’ setting in Bankline to help with this
Treating all requests for changes to account details or contact information as suspicious and verifying all of these using a trusted telephone number, not the one contained in the request
The earlier a successful scam is reported, the more likely it is that your bank will be able to recover any lost money. Therefore, ensuring colleagues aren’t afraid to speak up if a mistake has happened will help your business to respond quickly and effectively, minimising losses.
Are you using technology to make online security easier?
Socially engineered scams, where criminals trick victims into authorising payments, are among the most common threats a business faces. While antivirus software is vital to help prevent malware attacks, it’s not designed to help protect a business from socially engineered scams. However, there are other technologies that your business can use to support your people and processes.
Confirmation of Payee will tell you if the name you’ve entered matches the account details held at the beneficiary bank. You should be extra cautious if Confirmation of Payee brings back results of partial match, not a match or Confirmation of Payee is unavailable. Even with Confirmation of Payee in place, you should still follow your established processes to ensure the request is legitimate, such as calling the beneficiary on a trusted telephone number.
Bankline also has a range of pre-built security settings available to all users that can help to strengthen and streamline your payments process. You should take a look at what settings are available and familiarise yourself with how they work. To learn how to set them up, you can watch our short videos.
Impersonation calls are a common approach used by fraudsters and could be hugely damaging to your business. Committing to training your colleagues, establishing easy to follow processes, and using the right technology can help prevent you from being affected.