Firms cash to fraudsters

“Hi, are you busy? I need you to process a wire transfer for me urgently. Let me know when you are free so I can send the beneficiary’s details. Thanks.”

Many of us would jump to it, eager to please.

But this message has all the hallmarks of CEO fraud, one of the most common forms of business email fraud targeting thousands of companies around the world every day.

Last year, Barbie manufacturer Mattel sent more than $3m (£2.3m) to a fraudulent account in China, after a finance executive was fooled by a message supposedly sent by new chief executive Christopher Sinclair.

Mattel eventually got its money back from China – where the company has significant business interests – but companies usually have to take the hit after falling victim.

Earlier this year, for example, Austrian aerospace parts maker FACC fired its president and chief financial officer after losing a thumping €42m (£36m) in a business email fraud.

Some smaller companies targeted have gone bust as a result.

“Criminals have realised that hitting businesses rather than individuals can mean much bigger wins,” says Orla Cox, director of security response at cyber security specialist Symantec.

The US Federal Bureau of Investigation (FBI) says CEO fraud has shot up by 270% since January 2015 and has cost businesses around the world at least $3bn (£2.3bn) over the past three years.

Out of control

Simply tricking companies into sending invoice payments to the wrong people costs UK companies about £9bn a year, according to research from invoicing company Tungsten Network.

And procurement fraud – charging for stuff that was never delivered; taking a bribe for awarding a contract to a particular supplier; or encouraging suppliers to charge over the odds then creaming off the difference – accounts for 88% of total UK fraud losses.

“Procurement fraud is becoming a big problem, with at least 20% of corporate spend categorised as ‘unmanaged’,” says Philip Letts, chief executive of enterprise services platform Blur Group.

‘Unmanaged’ means there is insufficient monitoring of the tendering process and whether the terms of the contract have been fulfilled, for example. Quite often smaller jobs are given to suppliers without any written contract at all and paid for cash-in-hand.

“This puts businesses at high risk of procurement fraud,” says Mr Letts.

Lots of such payments add up to a big amount of cash potentially lost down the back of the corporate sofa.

Blur’s platform helps companies find vetted service providers and manage the entire contract from pitch to payment, theoretically making invoice fraud easier to spot and harder to perpetrate.

‘Suspicious’

Most business email fraud is relatively lo-tech, relying on psychological manipulation and people’s willingness to get the job done.

But Jim Wadsworth, managing director at Accura, the data analysis arm of payments giant VocaLink, believes his company’s hi-tech solution could prove the best way to combat it.

Called Accura Invoice Payment Profiling, it is an anti-fraud analytics system that uses VocaLink’s massive store of payments data to identify and flag fraudulent payments before the money is even transferred.

“We are working with one of the country’s largest banks to prevent these frauds by scanning transactions and contacting the bank directly when we see something suspicious,” Mr Wadsworth says.