In today's unprecedented times, not everyone will have seen their business slow to a halt. Indeed, fraudsters – particularly those external to a business but with some knowledge of its operations – commonly seek to profit from chaos caused by extraordinary events. Vulnerable individuals, such as elderly people forced to self-isolate, are often the first targets of scams including advance fee fraudsters, boiler rooms, and pension liberation fraudsters.
But what are some of the risks corporate clients should anticipate? For starters, businesses whose staff are forced to work from home or from different premises, and who must conduct otherwise face to face business by telephone or video call, may find they are especially vulnerable to impersonation, or 'spear phishing' or 'whaling' (targeting or impersonating C-Suite) frauds. So too are businesses forced to draft in staff to sensitive financial roles which they may be unfamiliar with, due to sicknesses or self-isolation requirements.
Furthermore, businesses which are particularly busy during the coronavirus crisis may find that sheer fatigue, long hours and a desperation to get work done leads to cutting corners, which again render a business vulnerable to frauds by those with some knowledge of the business (or similar businesses).
For their part, companies and sole traders that sell high value small items that attract VAT should pay close attention to new customers with little apparent trading history who follow their initial order with a quick succession of large, high value orders. These vendors may be being used as a 'buffer company' in a VAT fraud.
Particular risks arise for businesses which must normally make substantial payments (eg to landlords). For example, a business may find itself approached by a person purporting to act on behalf of a landlord, agreeing to a rent deferral in return for a down payment (say 10%) into an account different to the normal rent account.
While the risk inherent in this may seem obvious, it may be less so to someone under considerable stress, who does not know that their communications have been compromised by a phishing fraud. In these times of remote calls and emails, finance departments should take extra care to ensure that the person they are communicating with – even regarding an apparently innocuous information request – is, in fact, who they say they are.
Finally, while many businesses will be focusing on cash flow and how to navigate the various Government assistance packages, we suggest that all should consider the following checklist:
- Is the finance function secure? Are those with access to the business bank accounts, and the ability to direct payments, safe from email or telephone compromise, and are they dealing with familiar faces on a regular (and ideally face to face) basis?
- Are relevant persons in the business on the lookout for fraud or crime risk indicators? They might include:
- New customers with little background, or track record, with unusual requests or particularly large orders. Other risk indicators include asking straight away for the company's VAT number, and offering up their own VAT Number.
- Customers who place a large order, make payment, and then seek to cancel the order and request return of the funds. If this seems highly unusual for the type of business, consideration should be given as to whether this may be money laundering.
- Regular suppliers or customers who cite a change of circumstance or contact details due to the COVID-19 outbreak (eg different email address or bank accounts for payment). Such changes should be double and triple checked.
- Employees placed on furlough or who have had their employment terminated, particularly if they have or had access to sensitive financial information. Consider whether such persons may be vulnerable to influence by fraudsters, and ensure that their login details are frozen.
