Beware simple scams
Attacks on smaller firms are often less sophisticated than you might think
Fraud cases continue to soar, with crimes up by 151% last year according to research from KPMG. Small businesses are a favoured target, and the attacks are often far less sophisticated than you might think. Indeed, while many small businesses are worried about falling prey to elaborate cyberattacks, they may be overlooking the danger of simple scams.
Accounts-payable fraud is a particular vulnerability for many small businesses. One common problem is “long firm” scams, where a client makes a number of small purchases from your business over several months, all paid for on time, in order to build up trust; then it makes a much larger purchase and disappears without paying. You may also be vulnerable to fraud from within: employees creating fake invoices to divert money into their own accounts, for example.
Payroll is another area ripe for internal fraud if you don’t have robust systems in place. It may be possible for staff to overstate their sales figures, exaggerate their working hours, or simply claim false expenses. Such scams can be hard to spot, particularly if they involve the collusion of an employee in the payroll team.
Other frauds take advantage of modern communications technologies. In CEO fraud, the finance department receives an email from someone purporting to be a senior figure in the business. The email, which comes from an address that looks legitimate, instructs finance to make an urgent payment to a third party, whose account is in fact controlled by the fraudster. Those behind such scams bank on finance teams scrambling to obey instructions from someone senior and therefore not making proper checks.
Invoice scams, meanwhile, depend on fraudsters identifying your regular suppliers. They then contact the finance team, pretending to be one of those suppliers, and provide new bank details for future payments. You may only realise you’ve been scammed when the genuine supplier gets in touch to ask why they have not been paid. The list of potential cons is a long one, with multiple variations on each type of scam – and that’s before you start worrying about phishing emails and other forms of cyberattack.
Boosting internal controls
However, strong internal processes and controls will substantially reduce your vulnerability to fraud. Some of this is common sense – the Take Five campaign to reduce fraud urges everyone to protect themselves by taking a bit of time before releasing money or sensitive information.
Such a pause gives you a moment to think about whether any payment is legitimate. Time also gives you breathing space to make additional checks. Many frauds depend on emailed information. You can reduce the risk of scams such as CEO and invoice fraud with rules that require verbal confirmation of all requests for payments or bank account changes.
More broadly, conduct financial audits yearly, using an independent auditor if necessary. The key is to scrutinise payments and receipts carefully, making sure the figures add up. Where there are discrepancies, they must be investigated – mistakes happen, but discrepancies may also suggest fraud.
Good fraud awareness training and clear procedures for making disbursements will ensure that everyone in the business can help in the fight. Controls such as requirements for countersignatures and managerial sign-offs can help. Insisting on credit checks of clients can reduce your vulnerability to accounts payable fraud. Finally, if you’re concerned about internal fraud, make it easy for staff to report their suspicions – for example, by providing an email address to which they can make anonymous reports.