The essential guide to protecting your business from fraud during COVID-19

By Francesca Dowling, Head of Compliance and fraud expert, Amaiz.

Your business is currently more vulnerable to fraud than ever before.  Covid-19 has caused chaos.  Fraudsters normally have to work hard to trick people into parting with their money. 

Most of us are fairly aware of scams and what to look out for, however, as our working lives have changed we are all more at risk.   I’ve seen estimates that put the rise of fraud, as a direct result of this, at around 80% since the lockdown started.  I’ve devoted my working life to combatting fraud and have developed an instinct for spotting it.  As we all start to try to get back to some sense of normality, I hope the following will help you avoid becoming a victim.

1. The Government is still encouraging people who can work from home to continue to do so, which puts more onus on your employees to ensure security standards don’t slip. It is worth actively reminding employees of the security basics, such as installing updates and having secure passwords. Install anti-virus software on all computers and mobile devices that employees are using (whether or not they belong to the company).
2. Use two-step authentication. If you have an IT support company, they should offer this as standard. If they don’t, it tells you that they don’t take cyber security seriously enough. Regularly change the passwords and when people leave the company.
3. Keep records of everyone who has access to your website and email.  Sounds obvious, but many companies don’t, which means a disgruntled ex-employee can easily hack you or imitate you.
4. Employ an external specialist to try and hack your systems (cyber and social). That way you’ll find out your vulnerabilities before the fraudsters do. This should be separate to the company that manages your IT day to day as it’s not in their interests to expose the flaws in the system they manage.
5. Don’t rely on email and text for communication.  We’re not able to be physically together but talking to people is still a great defence against fraud.  Never send money in response to an e-mail or a text, even from someone you know well.  Scammers can appear to come from a legitimate e-mail or text number and even appear in a legitimate text thread.  One of the most common tricks is to ask you to change bank details for a supplier. This diverts the payment into the fraudsters account, and it can be some time before anyone spots it. 
6. Do your research on potential suppliers and clients.  Don’t just Google their name, also Google their phone number as it can tell you about other businesses they run, or have run, and how legitimate they are. Don’t trust glowing online reviews. I’m always suspicious if there are too many five-star reviews as people rarely review a company unless there is a problem.  The critical reviews will tell you much more, such as whether the company cares, by how they respond, or even if they respond. Do the reviews all sound very similar or contain the same grammatical errors, or no errors, or originate from the same date or same location? This will tell you that they’re written by the same person and the company has paid for them.
7. Treat anyone who phones you as a cold caller, unless they are personally known to you, and never give them sensitive information.  If required by the caller to give out personal information, ask to phone them back. Then call them on the number advertised on the website or that you have from previous correspondence.  Scammers will try and trick you into staying on the line while you do this and pretend to answer the call, so use a different phone to make that call. The more the caller pressurises you into giving money, the more suspicious you should be.  One of the most common scams claim to be from HMRC and tells you that you face imprisonment if you don’t pay immediately. However, HMRC don’t telephone, email or text demanding money. They use letters and personal visits.

Install anti-virus software on mobile devices. Good ones will alert you to suspicious calls by identifying whether the callers comes from the organisation they claim to represent.

8. Be very cautious when using WiFi.  Change the password on the hubs supplied by your telecommunications company and, if possible avoid using public Wi-Fi. It is easy for fraudsters to set up really convincing Wi-Fi and then steal your passwords and bank details.