Almost six million fraud and cyber crimes were committed last year, according to the Office for National Statistics’ Crime Survey for England and Wales*. In this article, NatWest’s Daryl Gayler highlights some of the most common cyber scams and the simple steps you can take to protect your business.

What could falling victim to fraud mean for your business?

• A financial loss that could lead to pressure on cashflow

• An adverse impact on morale within your business

• Lack of confidence with your suppliers/ customers

• Regulatory issues, especially where clients monies are impacted

In addition to computer viruses, the frauds primarily affecting business customers at present are as follows:

‘Bogus Boss’ or CEO Fraud - A payment request, usually urgent and/or one-off, is received by one of your finance team, purporting to come from a senior person within your organisation (email addresses can easily be spoofed). The recipient assumes the instruction is genuine and pays the requested sum to the beneficiary account quoted in the email.

You must:

• Ensure that you and your staff challenge and question what is received - do not take things at ‘face value’

• Contact the sender of the email independently to verify the request

• Not use any contact details within the request

Invoice Redirection Fraud – Fraudsters pose as a supplier, sending a fake but realistic email or letter which claims that their bank details have changed. You are tricked in to updating the sort code and account number you have on file for that supplier, meaning that the next payment you make will go to the fraudster’s account instead.

You must:

• Be vigilant - challenge and question any amendments to account details

• Contact the supplier independently to verify the request

• Not use any contact details within the request

Overpayment Fraud – A new customer places their first order with you, for say £5k. Payment is made direct in to your bank account for a much larger sum, say £50k, using a counterfeit cheque. An urgent request is then received to send back the £45k overpayment. You make the refund using an immediate electronic transfer, but then the cheque bounces, leaving you out of pocket.

You must:

• Undertake due diligence on any new customer

• Check to see if the payment has cleared – victims are lead to believe the cheque is actually an electronic payment

• Be wary of pressure to make the refund – the fraudster knows the cheque will be returned

Insider Fraud – an employee with access to internal financial systems or banking services exploits their privileged access and knowledge to steal from the company. You must:

• Ensure you have a robust pre and post-employment screening process

• Have clear segregation of duties, particularly for staff dealing with payments

• Regularly reconcile bank statements and other accounts to help uncover irregularities


Financial fraud increased by a quarter to £399.5 million in the first six months of 2016^.

Businesses from all sectors and of all sizes have been targeted by the scams outlined in this article, so please remain vigilant at all times. Banks’ security systems continue to prevent the majority of fraud attempts, but employees who use online banking services and other financial products on behalf of their employers also have a key part to play in the battle against cybercrime.

Further information can be obtained from the following sources:

Little Book of big scams business edition –

Action fraud - The national fraud and cybercrime reporting centre

NatWest Security Centre -

References / sources:

* Crime Survey for England & Wales -

^ Financial Fraud Action UK - guresshow/

Click here to read the complete article