Social Distancing and Compliance – how the currently increased risks of fraud can be prevented

In times of crisis creative fraud concepts flourish. Fraudsters - especially those who do not belong to a company but have knowledge of its internal processes - often try to derive personal benefit from lack of security in the familiar structures, responsibilities and processes.

Fraud risks in crises are multifaceted. In addition to individual susceptibility to errors due to work overload and reorganisation, there is also a structural susceptibility to errors due to the neglect of security measures, standardized processes, basic standards and the monitoring and control of entire company divisions. But what are the specific risks for companies and how can they be avoided?

Risk 1: Spear phishing and “whaling”

The greatest change in work processes right now is the sudden departure from physical presence at the workplace to a comprehensive home office and from personal business contacts to predominantly long-distance communication. This change works as a catalyst for fraudulent concepts based on identity deception, such as so-called “spear phishing” or “whaling” attacks. In such targeted phishing attacks, fraudsters assume the identity of the managing director or another supervisor and instruct employees, for example, to make payments on a fictitious invoice or make unauthorized transfers.

Risk 2: Value added tax carousel fraud

Another example of fraud methods facilitated by personal distance is VAT carousel fraud. In particular, companies and sole traders who sell high-quality small parts subject to VAT are at risk of becoming unwanted participants in such transactions. In order to avoid this, special attention must be paid to new customers without a previous business relationship. In particular, caution is required if an initial order is followed by a multitude of large, extensive orders.

Risk 3: Exchange of account data

Another case within the category of identity deception concerns companies with high, regularly recurring payments (e.g. rent payments). Such existing payment relationships are particularly susceptible to a subtle exchange of account data allegedly in the name of the contracting party or the agreement of special payments to a separate bank account.

You can minimize the risks in your company by implementing the following measures:

• Sufficient protection of accounting and all areas involved in finances: Are those with access to bank accounts and the competence to initiate transfers safe from fraudulent e-mails and phone calls and do they have regular personal contact with their superiors?
• Are the responsible employees trained in fraud and other risk indicators? These include:
  • Unusual enquiries or conspicuously large orders from new customers, whose business background is unknown or difficult to ascertain. Equally unusual is the early enquiry/transmission of the VAT identification number.
  • (New) customers who place a large order, pay and then try to cancel the order claiming a refund of the purchase price. Such a procedure can serve money laundering purposes and should necessitate a thorough check of the business partner.
  • An alleged COVID-19-related sudden change in circumstances or contact details of a business partner with whom an ongoing business relationship exists (e.g. a changed e-mail address or new bank details for the payment of an invoice). Such changes should be treated with extreme caution and should be checked frequently as opposed to infrequently.
  • Former employees or those on garden leave should have their access to company systems blocked and their susceptibility to fraud should be closely monitored.