Stand Up to Fraud

Here we explore a theoretical scenario where a small business falls victim to a phishing scam via email. Find out what steps they can take next.

Setting the scene

Jenny runs a furniture business in Birmingham. One day, her assistant, Sarah, receives an email that appears to be from the company’s bank, requesting urgent account verification to avoid suspension. The email looks convincing, so Sarah clicks the link and enters the business’s banking login details. Unbeknownst to her, the website is a fake, set up by fraudsters to steal the company’s credentials. By the next morning, Jenny discovers that the company’s bank accounts have been emptied, causing a significant cashflow issue.

What action is recommended?

1. Contact the bank immediately to report the fraud and request that the accounts be frozen and investigated.

2. Disconnect the computer used to enter the details to stop any further fraudulent activity.

3. Report the incident to Action Fraud and the Information Commissioner’s Office (ICO) to investigate the phishing attack and potential data breach.

4. Hire an IT security specialist to scan the system for malware and boost cybersecurity to prevent future attacks.

5. Train up on how to recognise phishing emails and suspicious links to avoid similar incidents in the future.

To safeguard against phishing, smishing and vishing scams, we recommend using the following tactics:

• Train yourself and employees to recognise phishing messages, suspicious links, and attachments to reduce the risk of scams.

• Use multi-factor authentication (MFA) to add an extra layer of security beyond just passwords.

• Ensure you and your staff use strong, unique passwords and update them regularly with password management tools.

• Regularly update all software to fix vulnerabilities that hackers might exploit.

• Install email filters to block potential phishing emails from reaching you and your team’s inboxes.

Here we explore a theoretical scenario where a small business falls victim to a ransomware attack via email. Find out what steps they can take next.

Setting the scene

Shayma runs a successful dentistry clinic in Bristol. Her clinic manager Mika receives an email claiming to be from the industry association for dentistry, stating that the clinic’s details need to be updated, with a link in the email. Mika clicks on the link and doesn’t realise that he has inadvertently downloaded malicious software that allows the attackers to access the clinic’s patient database. The attackers then lock the clinic work stations, demanding payment in cryptocurrency, or they will sell on all the patient data. The attackers also state that Mika and the clinic will be liable to be sued by their patients for not protecting their private data. Mika is given a deadline of 48 hours.

What action is recommended?

1. Disconnect the clinic's workstations from the internet to prevent further access by attackers.

2. Report the incident to the appropriate authorities, such as the Information Commissioner's Office (ICO) in the UK, and provide details of the ransomware attack and potential data breach.

3. Contact a professional IT security firm to assess the extent of the breach, remove the malicious software, and restore access to the patient database.

4. Inform patients about the breach and reassure them that the clinic is taking steps to address the situation and protect their data.

5. Refrain from paying the ransom as it encourages further attacks and does not guarantee the safe return of data. Instead, focus on restoring systems and improving cybersecurity measures.

You can protect your business from ransomware attacks with a multi-layered cybersecurity strategy:

• Regularly back up data offline or in the cloud to recover quickly without paying a ransom.

• Keep all software updated to close any security gaps ransomware can exploit.

• Train yourself and employees to avoid phishing attacks and use safe online practices to prevent malware.

• Use strong antivirus software and tools to detect and stop ransomware early.

• Create a plan to quickly respond and recover if a ransomware attack happens.

Here we explore a theoretical scenario where a business receives a fraudulent request to change the payment information of a supplier via email. Find out what steps they can take next.

Setting the scene

Tariq runs a small manufacturing company in Sheffield. He receives an email which appears to be from their regular supplier, requesting payment for an urgent invoice. The email claims the supplier has changed their bank details and provides new account information. Trusting the request, Tariq updates the payment details and transfers £10,000. Later, the supplier contacts Tariq, confused about the missing payment. The scammer, posing as the supplier, disappears with the funds. 

What action is recommended?

1. Contact the bank immediately to see if they can freeze the transaction.

2. Report the incident to authorities, such as Action Fraud.

3. Inform the legitimate supplier about the fraudulent email and payment.

4. Review and enhance the company's cybersecurity measures.

5. Consider seeking legal advice for potential recovery options.

Safeguarding against billing fraud and false invoices requires a mix of preventive steps and careful monitoring:

• Vet new vendors carefully and regularly review existing ones to ensure they are legitimate.

• Implement strict approval processes and require multiple levels of authorisation.

• Train yourself and staff to understand billing fraud and always verify invoices before processing payments.

• Use accounting software to detect issues like duplicate invoices or unusual billing patterns.

• Perform regular audits to spot discrepancies or suspicious activity in financial records.

Here we explore a theoretical scenario where a small business falls victim to an APP scam. Find out what steps they can take next.

Setting the scene

Salima, the owner of a small architectural firm in the UK, receives an urgent call from someone claiming to be a tax official from HMRC. The caller explains that Salima owes a significant tax amount and must make an immediate payment to avoid penalties. Feeling under pressure, Salima is instructed to transfer the funds via the Faster Payments System to the provided bank details. The caller uses pressure tactics, stressing the urgency and legal repercussions if the payment isn’t made immediately. Shortly after, Salima realises the payment might have been a scam.

What action is recommended?

1. Immediately contact the bank to try to stop the transaction and request a recall or reimbursement claim if
   the payment was fraudulent.

2. Report the fraud to Action Fraud and notify HMRC about the scam to ensure proper authorities are aware.

3. Verify any communication claiming to be from government agencies by contacting them directly through official channels.

4. Review the business’s payment processes and implement safeguards to verify unexpected or urgent payment requests.

5. Train up on how to recognise suspicious payment requests and avoid authorising any transactions without proper verification.

The following tips can help businesses safeguard against Authorised Push Payment fraud:

• Always verify any unexpected or urgent payment requests by contacting the sender directly through official and trusted channels.

• Regularly monitor your bank accounts for any unusual or suspicious activity that could indicate fraudulent transactions.

• Set daily limits on the amount and frequency of instant transfers to reduce the impact of potential fraud.

• Familiarise yourself with the new APP fraud reimbursement claim process.

• Train yourself and staff to recognise phishing and social engineering tactics commonly used by fraudsters to request unauthorised payments.

Here we explore a theoretical scenario where an e-commerce retailer notices multiple transactions from the same customer but using different cards each time, indicating potentially fraudulent activity. Find out what steps they can take next.

Setting the scene

Miriam, the owner of an e-commerce store, notices unusual activity on her website. Multiple back-to-back orders are placed from the same name and email but using different credit cards. While Miriam’s average order consists of three items, one order includes 54 items, and the shipping addresses don’t match the billing information. This suggests potential card-not-present (CNP) fraud. Miriam isn’t sure if she should process the order, as if it’s fraudulent she will have to refund the victim and lose out on the value of the sale. 

What action is recommended?

1. Examine the suspicious orders for signs of fraud, such as mismatched billing and shipping addresses, unusually large orders, or different credit cards.

2. Contact the customers to verify the legitimacy of these transactions and confirm if they authorised the purchases.

3. Implement enhanced security measures by adding verification steps like 3D Secure, CAPTCHA, or CVV requirements for large or suspicious transactions.

4. Monitor the website closely for further signs of CNP fraud, flagging unusual activity, and acting swiftly to prevent further loss.

5. Report the fraud to Action Fraud or relevant authorities in the UK to investigate and take legal action if necessary.

Protect your business against these scams with the following steps:

• Upgrade security protocols, for example by using 3D Secure, to add in extra verification steps at the point of purchase.

• Use secure payment gateways with encryption to protect sensitive financial data.

• Set strict access controls to prevent unauthorised access to accounts.

• Train yourself and your team on common methods used by fraudsters to obtain account or card details.

• Monitor accounts for unusual activity and act quickly on suspicious transactions.

Here we explore a theoretical scenario where an online retailer receives a refund request from a customer who claims they did not receive their order, despite proof of delivery. Find out what steps they can take next.

Setting the scene

John, who runs a small online retailer, sells an electric heater to a customer, who later files a chargeback claim, alleging non-receipt of the item. John provides proof of delivery, but the customer persists, claiming they never received it. The bank initiates a chargeback, refunding the customer. John is left without payment, facing financial loss and product depletion. 

What action is recommended?

John should take the following actions:

1. Compile all relevant documentation, including proof of delivery and communication with the customer.

2. Provide the bank with evidence to dispute the chargeback and request a review of the case.

3. Attempt to resolve the issue directly with the customer to clarify any misunderstandings or concerns.

4. Assess company policies regarding chargebacks and consider updating them if necessary.

5. Implement measures such as signature confirmation or insurance for high-value items to mitigate future chargeback risks.

Safeguard against fraudulent chargebacks with preventive measures and proactive strategies:

• Use fraud detection tools to monitor transactions in real time.

• Implement strong authentication and address verification for online purchases.

• Keep detailed transaction records and respond quickly to disputes.

• Train yourself and staff to recognise fraud signs and handle transactions securely.

• Set clear refund and return policies to manage customer expectations and avoid disputes.

Here we explore a theoretical scenario where a small charity notices a significant rise in failed transactions, indicating that fraudsters could be using their site to validate stolen credit cards. Find out what steps they can take next.

Setting the scene

A small charitable organisation began noticing unusual activity on their donation platform. Over a few days, they saw a significant increase in failed transactions and small donation amounts under £5. After investigating, the Finance Director Marina realised they were victims of a card testing attack, where fraudsters use their donation site to validate stolen credit card details. This activity not only jeopardised their financial security but also threatened their reputation and donor trust.  

What steps should be taken?

1. Contact the payment processor to report fraudulent activity and get help with additional security measures.

2. Engage with an IT security provider for a thorough assessment and security recommendations.

3. Consult the web developer to implement CAPTCHA, device fingerprinting, and secure coding practices.

4. Notify the banking institution to monitor for suspicious activity and collaborate on fraud prevention strategies.

5. Consult with legal counsel to understand the implications of the attack and ensure regulatory compliance.

Businesses can implement several strategies to mitigate against enumeration fraud and card testing attacks:

• Add anti-automation tools like CAPTCHA to checkout pages to block bots.

• Use firewalls and detection tools to identify botnets and prevent attacks.

• Limit the number of transactions allowed within a short time to stop rapid attempts.

• Track unusual traffic spikes or patterns in form entries to catch threats early.

• Set minimum transaction amounts to discourage card testing with low-value purchases.

Here we explore a scenario where a small UK business falls victim to skimming fraud at their point-of-sale (POS) terminals. Find out what steps they can take next.

Setting the scene

A small, independent coffee shop in London, started receiving complaints from customers about unauthorised transactions on their bank accounts after using the café’s card payment system. Upon investigation, owner Mahmoud discovered that a skimming device had been secretly attached to the POS terminal, stealing customers’ card data. The fraud not only put customer trust at risk but also posed serious financial and reputational threats to the business.  

What action is recommended?

1. Immediately disconnect the compromised POS terminal and replace it with a secure system, such as one with EMV chip protection.

2. Report the fraud to the bank and payment processor to stop further fraudulent transactions and seek support with chargeback issues.

3. Engage a security expert to inspect the premises for other devices and recommend stronger security measures. 

4. Notify affected customers promptly, offering guidance on monitoring their accounts and contacting their banks to mitigate damage.

5. Report the incident to the police and Action Fraud to support a broader investigation and prevent future attacks.

Businesses can implement several strategies to mitigate against skimming fraud:

• Regularly inspect payment terminals for signs of tampering, such as loose card readers, unfamiliar attachments, or damaged parts.

• Use EMV chip-enabled terminals and contactless payment methods, which are more secure than magnetic stripe cards against skimming.

• Train yourself and staff to recognise signs of skimming devices and report any suspicious activity around card readers immediately.

• Install tamper-evident seals on POS terminals, and monitor them regularly to detect any signs of unauthorised access.

• Encourage customers to cover the keypad when entering their PIN and to use digital wallets for added security.