Compared to last year, the volume of fraud schemes against companies has doubled, according to the observations of SEB banka’s Security Department. In recent weeks, payroll fraud has increased in particular: fraudsters posing as company employees send emails to management asking them to change their payroll account number, in order to actually transfer money to fraudulent accounts. In some cases, it has also succeeded.
The scheme targets both public and private companies and institutions – anyone who pays salaries can actually become a victim. Most fraudulent e-mails are received by HR employees and department heads who have access to payroll systems. Fraudsters pretend to be an employee of a company or institution and inform in an e-mail about the desire to receive salary in a new current account. It is not uncommon for fraudsters to gain access to an employee’s email account in advance, so the fraudulent email is indeed sent from the employee’s personal mailbox and the sender’s email address is correct. In addition, scammers also generate new email addresses that may be very similar to the real one.
“Today’s corporate environment faces an ever-increasing threat of fraud and cyber-attacks. Fraud schemes are rapidly changing and becoming more sophisticated, resulting in an increase in the amounts defrauded. The main fraud schemes targeting businesses are fake invoices and requests to change bank account details, such as also pretending to be the head of the company in online channels and phishing, collecting passwords, in order to then realize their financial goals,” says Mārcis Pelcis, head of the Security Department of SEB banka.
He emphasizes that the number of cyber attacks has also increased significantly; most criminals paralyze companies’ IT systems and try to defraud financial funds. The activities of fraudsters and cybercriminals require both businesses and financial institutions to be extra vigilant and require effective countermeasures, so collaboration between businesses and financial institutions is essential to improve prevention and response.
“Cybercriminals are getting smarter and using technological advances to defraud money and steal sensitive information. Therefore, it would be advisable to put in place comprehensive safeguards such as strong authentication, secure devices and consistent monitoring, as well as informing employees about cyber threats and fraud and reporting suspicious incidents, ” calls Mārcis Pelcis.
SEB’s expert recommends what to pay attention to in order to protect your company from fraudsters’ attacks.
- If you receive an e-mail from an employee expressing the desire to change the payroll account, first call the employee and clarify the content of the letter, or contact in person so that he can verbally confirm his request.
- Pay attention to the sender’s email address. Critically evaluate the grammar and structure of the text. Since scammers use translation programs to generate the text, the result may not always be linguistically correct.
- If you suspect that you have become a victim of scammers, clean your computer with an anti-virus program, as e-mails sent by scammers often contain various viruses.
- If you have become a victim of fraud, immediately report it to the bank associated with the company or institution using the contacts listed on the bank’s website. The sooner you contact the bank, the more likely it is that all possible avenues for further abuse of your accounts will be closed.
- Organize regular training for your employees to increase awareness of fraud detection and prevention.
