Invoice fraud: how to protect your company
Barclays warns professional services firms about the dangers of online social engineering
Antivirus software alone will not protect your professional services firm, Barclays Corporate Banking is warning, because fraudsters often employ low-tech methods rather than trojans or other malicious software.
One of the most dangerous weapons in the fraudster’s arsenal is social engineering, says the bank, which is urging its professional services clients to check, check and check again. The term applies to fraud which takes place online but relies on human contact – for instance, impersonating your bank or a supplier and requesting an urgent payment be made.
Social engineering takes a variety of forms – variously styled as vishing, smishing or phishing – but they all have the same goal: tricking an employee into giving away sensitive information, or, more commonly, transferring money to the wrong account.
How invoice fraud works
The potential impact is illustrated all too well by the real-life example of one company whose identity is being kept secret. The anonymous client of Barclays Corporate Banking received an email with an invoice for almost £150,000. This was expected, and the firm was ready to pay – but the payment wasn’t due until the following month.
The company then received a second email, which contained the original email trail but had a new invoice attached. This email said the supplier was having issues with its bank account – and provided new account details for settling the invoice. The firm submitted the payment to the new account, which was held with another bank.
The company realised it had been the victim of fraud only when it was contacted by its supplier to say the invoice had not been paid. The supplier confirmed that the bank details on the second invoice were not correct, and that the second email had been fraudulent.
When the bank holding the second account was told what had happened, it investigated and found most of the money had been withdrawn. The company’s IT team is now investigating to see how the interception occurred – but, unfortunately, it is expected that very little of the stolen money will be recovered.
Advice from Barclays
“Professional services clients, much like us at Barclays, have a responsibility for their client monies,” says Adam Groves, head of professional services at Barclays Corporate Banking. “We spend a great deal of time working with our clients to ensure they are well aware of the risks from cyber crime. And we would encourage professional services clients to consider doing the same with their clients.”
He adds: “We have a great deal of support available to help clients understand the risks and how to mitigate them, but if in doubt the key message from us is always to check with a known contact if anything doesn’t seem right.”
The takeaway message is simple, Groves says: “If you do think fraudsters have accessed your or your client’s money, contact your bank as soon as possible, and we will try to help.”
What can we do now?
The key factor is awareness, says Barclays. Companies should make their staff aware of the threat of invoice fraud and encourage them to check invoices carefully, check email addresses and call suppliers on a trusted number held on file to confirm any changes.
To protect themselves and their employers against social engineering phone calls, staff must never assume a caller is genuine just because they have information about their company. And, of course, you should be aware your bank will never ask for your full password or PIN, or request access to IT systems, unless you have initiated the request.
Find out how Barclays Corporate Banking’s industry experts are supporting clients to achieve their ambitions at barclayscorporate.com