Organisations of all types and sizes can fall victim to fraud – from the smallest enterprise to the largest multi-national conglomerate. Fraud can adversely impact the financial health of any business, its image, and its reputation.

Cheque fraud

Cheque fraud occurs when a genuine cheque is either altered (ie, a fraudster changes the payee’s name) or forged (ie, a fraudster steals a blank cheque and uses it), or when a fraudster creates and uses a completely fake cheque.

Tips to protect your business

• Securely store your cheque books when they are not in use and restrict access to them.
• Never pre-sign cheques. Require two (dual) signatures on cheques over a certain amount. Maintain strict security over cheque signing machines.
• Record details of cheques that have been issued, and regularly reconcile these against your bank statements. Use a dual review process wherever possible.
• Stop missing cheques and cheque books immediately.

Corporate identity fraud

Corporate identity fraud occurs when a fraudster impersonates a legitimate business using fake or stolen company identity and/or financial information to obtain goods, money or services. A business may be impersonated using phishing emails, bogus websites and/or false invoices. Sometimes a fraudster will even change company details with government agencies (such as UK Companies House).

Tips to protect your business

• Securely destroy all confidential and sensitive business information, including company letterhead. Shred paper and permanently delete all your data from unwanted computers, tablets, mobile phones, memory sticks and other electronic devices before you dispose of them.
• Regularly check your company’s registered details and sign up for any services offered by the relevant government agency to protect your business information (such as the PROtected Online Filing or ‘PROOF’ scheme offered by UK Companies House).
• Do not put your company’s bank account details on your website.

Read our factsheet on corporate identity fraud for more information.

Insider fraud

Insider fraud (also called employee, staff or occupational fraud) occurs when a current or former employee steals, alters or destroys business information (such as customer data) or assets (such as computer software or physical assets) for personal gain. It may involve extortion (ie, an employee threatens their employer to obtain money) or collusion (ie, an employee works with another employee or an outside third party to commit the fraud).

Tips to protect your business

• Conduct pre-employment screening on all temporary and permanent staff, and contractors. This should include cleaners, security and reception staff. Be aware that fraudsters may try to obtain entry to your organisation through temporary or contracting roles where screening may be lax or non-existent.
• Terminate an employee’s physical and virtual access to all premises and computer systems as soon as they leave the business, and make sure all business equipment (such as mobile phones and computers) is returned. Escort dismissed employees off the premises.
• Regularly review employee access rights and restrict access to critical systems and/or information to a ‘need-to-know’ basis. Terminate any access that individuals don’t need to perform their daily jobs.

Read our factsheet on pre-employment screening for more information on the checks that should be conducted on prospective employees.

Invoice fraud

Invoice fraud usually occurs when a supplier (who may be genuine or fake) submits a false or inflated invoice for goods and services. Sometimes a fraudster will impersonate a genuine supplier to request changes to bank account details, in order to divert future payments to their own account.

Alternatively a dishonest employee may set up a dummy supplier account and then submit (and authorise) an invoice for payment to their personal bank account or to someone else’s (such as a friend or relative).

Tips to protect your business

• Check invoices thoroughly before authorising payment, to ensure that they are from genuine suppliers and that the bank account details, amounts being claimed, and description of the goods and services match your records and purchase orders.
• Contact suppliers using phone numbers independently obtained to confirm ‘change of account’ requests received in their name.
• Introduce robust verification processes (such as a dual authorisation process) to change supplier account details in your accounting system and for large payments.
• Inform suppliers when a payment has been made.

Read our factsheet on supplier and outsourcing fraud for more information on the fraud risks in the procurement lifecycle.

A part-qualified accountant in a small consultancy firm used false invoicing, false salary payments and other acts of fraudulent accounting to steal £700,000 from his employer. The crime was uncovered by the business owner but not before the fraudster had fled abroad, taking the money with him.

Premium rate fraud

Premium rate fraud (also called PBX or dial-through fraud) occurs when a fraudster hacks into an organisation’s phone system and uses it to make high-volume calls to premium rate or overseas numbers. Calls usually take place outside normal opening hours (eg, public holidays, weekends or evenings).

Small and medium-sized businesses, charities and schools are often targeted by this scam.

Tips to protect your business

• Use strong passwords/PINS on your voicemail systems and change them regularly.
• Ask your telephone provider to block all premium-rate numbers (both national and international) and/or outbound calls at certain times (ie, when your business is closed).
• Regularly review your call logs to identify any increased use and/or unusual call activity.

A grant-making charity became a victim of a premium-rate fraud which left its confidential helpline down for two days. Hackers cracked voicemail codes over the weekend and then dialled a premium-rate number, racking up a bill of almost £5,000 in just a few hours. Luckily the charity’s telephone provider noticed the unusual activity and blocked calls before more money was lost.