Business scams becoming increasingly sophisticated with 68% of enterprises affected.
Credit card fraud at highest ever at 23%.
Fraud and attempted fraud by staff has doubled for 6% of companies.
ISME advises business to be more pro-active as millions of euro at risk.
ISME, Monday 18th August 2014
ISME, the Irish Small & Medium Enterprises Association, has warned all businesses to be extra vigilant as reports of business scams to the ISME helpline have increased dramatically in the last month. The Association cautioned that enterprise fraud is becoming increasingly sophisticated and businesses must be constantly vigilant. The results of the Association’s recent Crime Survey confirm that 68% of businesses have been a scam target in the last year. Spamming is still the highest intrusion at 86% and three quarters identified overseas offers, 61% ‘phishing’, 58% virus infection and 48% dubious business directories, as the main scams perpetrated on their business. A massive 82% of businesses have been the target of computer related crime attempts. A worrying aspect of this survey is the increase in credit card and staff fraud. Credit card fraud at 23% is the highest ever recorded up from 18% to 23%, supplier initiated fraud occurred in 15%, while staff fraud, suffered by 6% of enterprises, doubled from the 3% last year and the highest since 2005.
Commenting, ISME Chief Executive, Mark Fielding, outlined, “The level of fraud and scam attempts on SMEs is rising and owner-managers need to keep themselves informed of the array of methods being used. New and ingenious methods are being devised continuously and it is imperative that all business owners remain vigilant and staff are adequately trained to combat this crime.”
“It has come to our attention that a number of businesses have fallen victim to social engineering scams in recent months. These are scams where the information is attained from a person rather than through the computer system. An elaborate lie or impersonation is used to establish legitimacy, with Revenue or bank as cover. The perpetrators obtain enough information, including full details of the online banking passwords, to gain access to the victim company bank account, following which fraudulent high value payments are made. All it takes is for one member of staff to make an innocent mistake that could end up costing their employer thousands”, he continued.
The Association recommends the following to help deal with fake invoices and requests:
A full review of all ‘internal control procedures’.
All invoices must be checked carefully - especially those coming from abroad or unknown suppliers.
If in doubt about the validity of an invoice, call the company for further details. All reputable firms will be happy to share this information.
Check the document for small print and read it.
Nominate one or two senior staff who must sign all documentation being sent to third parties in relation to directories and the like.
Ensure that all signatories within the company are fully briefed.
Ensure that all staff understand procedures for giving sensitive details and signing off information leaving the establishment.
Never respond to an internet request for information from a bank, DELETE is the only action that should be taken.
Ensure that your business has an appropriate E-mail and Internet Policy for all staff.
ISME also recommends that any business being harassed by bogus “legal” demands for payment for Directory entries to contact the ISME Helpline on 01 6622755 for the appropriate response.
In conclusion, Fielding outlined, “Businesses must do their utmost to minimize their risk and exposure to scams. Vigilance, training and repeated awareness raising are vital. The non-financial effects of scams can also be substantial, where fraud can create to an atmosphere of distrust which affects management and staff, while reputational damage affects customers. Scam losses are a completely avoidable evil but the effects can be catastrophic, leading to job losses and business closures.”