29 April 2020
In times of crisis creative fraud concepts flourish. Fraudsters - especially those who do not belong to a company but have knowledge of its internal processes - often try to derive personal benefit from lack of security in the familiar structures, responsibilities and processes.
Fraud risks in crises are multifaceted. In addition to individual susceptibility to errors due to work overload and reorganisation, there is also a structural susceptibility to errors due to the neglect of security measures, standardized processes, basic standards and the monitoring and control of entire company divisions. But what are the specific risks for companies and how can they be avoided?
The greatest change in work processes right now is the sudden departure from physical presence at the workplace to a comprehensive home office and from personal business contacts to predominantly long-distance communication. This change works as a catalyst for fraudulent concepts based on identity deception, such as so-called “spear phishing” or “whaling” attacks. In such targeted phishing attacks, fraudsters assume the identity of the managing director or another supervisor and instruct employees, for example, to make payments on a fictitious invoice or make unauthorized transfers.
Another example of fraud methods facilitated by personal distance is VAT carousel fraud. In particular, companies and sole traders who sell high-quality small parts subject to VAT are at risk of becoming unwanted participants in such transactions. In order to avoid this, special attention must be paid to new customers without a previous business relationship. In particular, caution is required if an initial order is followed by a multitude of large, extensive orders.
Another case within the category of identity deception concerns companies with high, regularly recurring payments (e.g. rent payments). Such existing payment relationships are particularly susceptible to a subtle exchange of account data allegedly in the name of the contracting party or the agreement of special payments to a separate bank account.
You can minimize the risks in your company by implementing the following measures: