Navigating a changing threat landscape

Ensure your business is well-equipped to deal with fraudsters

The Covid opportunity

When Covid-19 struck, opportunistic cybercriminals quickly identified new avenues through which to scam and defraud vulnerable individuals and businesses. How can a business ensure that its people are always well-equipped to adapt as the fraudsters do?

Just months into the Covid-19 pandemic, the UK’s National Fraud Intelligence Bureau (NFIB) reported a disturbing new trend in coronavirus-related fraud. Between 1 February 2020 and 18 March 2020, there had been 105 reports to Action Fraud, with total losses reaching nearly £970,000.

Whether distributing malware or using social engineering for scams, the coronavirus pandemic has provided a platform for fraudsters to gain people’s trust. While, at the same time, individuals are living and working in unusual conditions that leave them more susceptible to suggestion.

Lee Fitzgerald

Director of Fraud Risk Strategy at Barclays International

There has been a wealth of worrisome stories in the press throughout the pandemic. One example is impersonation fraud, where fraudsters pretend to be the World Health Organisation (WHO) taking orders for PPE that doesn’t exist, or even try to take payments for vaccines that are being offered free.

Threats are constantly adapting, and Covid-19, while causing a great deal of distress to many who have been victims of fraud, has at least highlighted the risks, and helped individuals and businesses be more aware of some of the threats. While the pandemic has for many caused a monumental shift towards remote working, this constant adaptation is something that businesses can and should be prepared for, pandemic or no pandemic.

It helps to be suspicious

Familiarity breeds contempt. That’s why fraudsters change their tactics so often. We have all lived long enough to know that if someone is coming door-to-door offering to fix your roof, there’s likely something amiss. The same is true of any number of email scams: those of us who spend a lot of time online have mostly learnt to spot them efficiently and correctly.

But it only takes a single lapse. Familiarity with your job also breeds complacency. There are steps you can take to spot fraudulent emails, but the important thing to remember is to always be suspicious. If something doesn’t feel right, then it probably isn’t.

Watch out for these common signs of fraud

1. Spelling errors in emails or invoices.
2. Emails from public domain addresses or without a person’s name attached, e.g. accountmanager@example.com.
3. Unexpected changes in personnel, bank account details or telephone numbers.
4. A sense of urgency or request for immediate action.
5. Emails from very senior individuals - fraudsters often pose as high-level execs to lend themselves authority.

The business risk

Many of these attacks are geared towards individuals, but business risk has increased too, says Fitzgerald.

Malicious emails can appear to come from trusted organisations like banks, co-workers, managers or IT administrators. With so many people now working from home as well, it has become more complicated to verify the authenticity of emails.

Lee Fitzgerald

Director of Fraud Risk Strategy at Barclays International

These emails, known as business email compromise (BEC) scams, can be social engineering attacks that attempt to trick victims into transferring sensitive company information or funds from the company account. Or they may be phishing emails with malware attached that can infiltrate the business network and download sensitive credentials in order to attack the firm or steal from its corporate payment systems.

These emails will appear to come from trusted sources. A manufacturing firm, for example, may get an email about temporary supply disruptions from the government or a known supplier. Clicking on the link in the email downloads the malware that the cybercriminals will use to exploit the company’s network.

“Individuals within an organisation can also receive the same sort of emails that prey on their fears as those outside businesses. These can offer false advice and cures, or ask for charity or support or offer vaccination programmes, often as a way to get malware into the business,” Fitzgerald says.

Don’t succumb to the pressure

Opportunists will always look for a weak link to break and Covid-19 has provided legitimate fears and worries that cybercriminals can exploit. For businesses, this includes not only the health concerns of the pandemic, but also the economic consequences of the measures taken to fight the outbreak.

Businesses have been put under enormous pressure. With economic activity at times brought to a virtual standstill, some have been unable to trade and others are pursuing new revenue streams that they need to adapt to. Supply chains have been affected and many companies have had to onboard new suppliers to keep business moving, often doing so virtually and from home.

“Most businesses have a process in place to onboard new suppliers. But their main focus right now is business continuity and sales and as they adapt their process to work-from-home protocols, things can slip through the cracks,” explains Fitzgerald.

Fraudsters will always pile on the pressure, making businesses feel that they don’t have the time or resources to properly vet new suppliers.

Reinforce processes – especially when remote working

Relaxing processes creates soft spots that cybercriminals can attack. We’re no longer in the early days of working from home, when many businesses were understandably scrambling to adapt to the new conditions. Now is the time for businesses to analyse their processes and make sure that they are fit-for-purpose in this environment.

Companies also need to ensure that their employees still feel empowered to raise concerns and run verification on business requests.

Strong leadership and an open culture can make it easier for people to speak up and understand their role in protecting the business.

Lee Fitzgerald

Director of Fraud Risk Strategy at Barclays International

During the pandemic, be open with employees about their fears, make sure they feel informed about the business situation and that they check known resources when they get official-looking emails about Covid-19.

“Cybersecurity is all about preparation and education. Businesses should be sure that they’re up-to-date with the latest threats, often reported in the media or by Action Fraud in the UK. They also need to educate employees and empower them to speak up whenever they see anything unusual,” Fitzgerald concludes.
