Updated Cookies Policy - you'll see this message only once.
Cyber fraud can result in major financial losses, and data breaches have the potential to profoundly damage trust in a company; fraudsters monetise stolen information by selling it on online, and the impact this has on businesses reputations can be severe.
This is why it’s so important that the future workplace is alert to, and protected against, these threats.
The threat of cyber fraud can seem a difficult one to combat. However, it’s important to remember that most cyber fraud attacks depend heavily on human interactions – fraudsters have long identified that the easiest way to breach an organisation’s defences is to target its people, not its systems.
Social engineering is the method by which fraudsters aim to trick people into breaking normal security procedures. Fraudsters are usually looking for the victim to give up sensitive information, such as bank login details, or for them to enable malicious software to be installed onto their device. They may also trick the victim into carrying out a fraudulent payment themselves.
In social engineering cases, fraudsters often have thorough knowledge of the company, which enables them to build trust with the victim. They may be aware of regular payments that are due or of the structure of teams within the company, enabling them to impersonate employees.
The most common forms of social engineering for businesses are:
For international clients, invoice fraud and email scams are a key threat, with fraudsters hacking email accounts and altering bank account details on invoices.
In 2016, £1.35 billion of attempted fraud was prevented – that’s the equivalent of £6.40 in every £10 of attempted fraud that UK banks have stopped2.
Different scams can be combatted in different ways.
As an example, CEO impersonation fraud has become easier due to the growth of social media. Criminals can easily find personal details of senior employees online – for example, when they are out of the country – and use this information maliciously.
This means that an important mechanism to prevent CEO fraud involves being careful about what information is made available online.
To combat invoice fraud, you should always confirm requests from alleged suppliers or distributors via a known contact number.
If anything feels suspicious, take five and make sure you confirm with a known contact any requests. Fraudsters can email you with email addresses that look very similar to a known contact, be aware of this and consider phoning your contact on a trusted number.
A key method of cyber fraud is transferring malicious software – ‘malware’ – to your device, in order to disrupt your technological operations and access confidential information.
Malware can be installed into your computer through clicking a link in an email, opening an attachment to an email, using a removable device (such as a USB pen), or by downloading software from a malicious source.
Two prominent forms of malware are:
In May 2017, there was a significant global cyber security attack dubbed "the biggest ransomware outbreak in history."3.
The attack, dubbed WannaCry, used hacking tools believed to have been developed by the US National Security Agency, and more than 300,000 computers were infected – hitting the NHS, and international shipper FedEx, with widespread impacts to Russia, Taiwan, Ukraine and India4.
Keeping software and operating systems up-to-date is even more important to protect against ransomware and mitigate the risks.
The impact on the NHS from WannaCry would have been significantly reduced if their operating systems had been patched, and it recently emerged that tech companies, including Apple, have been racing to fix the Meltdown and Spectre bugs, which could allow hackers to steal data.
Network attacks – emails are an unsecure channel
Another form of cyber threat is a network attack. This is when a third party intercepts communications sent over an unsecured network.
Emails are the main communication method for most companies, yet it is often forgotten how unsecure the communications can be. An email can be thought of like a postcard – it can be read as it moves across networks.
It’s important that sensitive information is sent over encrypted networks. Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser.
For more information, visit:
Please note that this article is not a comprehensive guide to cyber security and keeping your and your customers’ information safe. There can be no replacement for having the expertise of a cyber security professional and regular testing of systems and networks. We always recommend seeking out professional expertise to ensure you are compliant with all legalities and requirements from a data protection perspective.
If you have any questions or concerns about fraud contact us:
0330 156 0155 / 0800 056 4890*