Search

Financial Crime

In the first half of 2023, criminals stole a total of £580 million through fraud and scams, with a continued focus on Social Engineering. Whether you’re looking to protect your business from being hit in an already challenging environment, or are looking for ways to protect yourself and your loved ones from a potentially devastating experience, we’re here for you. Here’s our low down on the latest scams to look out for and our top tips on protecting your personal data and your money.

Why should businesses be concerned?

Fraudsters are turning to more sophisticated methods of scamming businesses out of money, so it really does pay to make sure everyone in your organisation is being vigilant at all times.

Top tips for avoiding fraud in your business 

  • Ensure company procedures are clear and all staff are aware of the common scams detailed below.

  • Make sure that all requests that involve money are double and triple checked before they’re acted upon, even if they appear to be from someone very senior with an urgent request.

  • If you are suspicious about a request, confirm it over the phone, ideally on a number you know is legitimate. Even the suggestion of this could be enough to scare the fraudster away.

  • Scrutinise every communication you get from colleagues and suppliers to ensure nothing seems unusual. If something seems off, it probably is, so trust your instinct.

  • If you do notice something, make sure you report it to the relevant team and let other colleagues who could be at risk know.

  • Remember, it’s better to be safe than sorry. Nobody will be annoyed with you doing your best to protect the company.

Take 5 to stop fraud

We are proud to be part of the UK’s national fraud campaign. In 2020, the finance industry managed to stop £1.6 billion of unauthorised fraud transactions through advanced, innovative systems. However, criminals still successfully stole £1.26 billion through fraud and scams in 2020, which highlights the extent of the problem at hand.

Take 5 offers easy, actionable advice to individuals and businesses to ensure they don’t fall victim to preventable financial fraud. Covering everything from email, phone and online fraud, where criminals impersonate trusted organisations to trick unsuspecting victims to part with their cash and/or personal information, the campaign is intended to remind them to take a step back and really think about what they’re being asked for.

Take 5 To Stop Fraud is led by Financial Fraud Action UK and backed by Her Majesty’s Government, with a range of UK partners in the payment industry, financial services firms, law enforcement agencies, telecommunication providers, commercial, public and third sector organisations.

Common scams to look out for within your business

Back

What is it?

CEO spoofing is when fraudsters impersonate a senior member of staff in order to get employees to send them money. This scam is often successful as employees are reluctant to question the authority of the senior colleague, even if the request seems out of the ordinary.

How can I spot it?

Look for signs that the communication hasn’t come from the person you know. Does the tone seem off? Fraudsters will often add an element of urgency to scare people into acting before they think.

If in any doubt, call them. If it’s a genuine request, they’ll be happy to speak to you about it, and it will no doubt be a much nicer conversation than the one you’d be having after the fraud has taken place.

What should I do if I notice it?

Report it straight away, and make others who may be at risk of being targeted aware of it to make sure nobody else is caught out.

How do I avoid it happening?

If possible, come to an agreement within the organisation that, should a payment need to be made urgently, outside of regular procedures, the request can only be made via phone. That way, if you do receive an email request, you’ll know it’s not genuine right away.

What should I do if I think I’ve already been scammed?

If you think you may have fallen victim to the scam and funds have already been sent, report it immediately to your bank or financial services provider and then contact Action Fraud. It’s also vital to that you let any other relevant colleagues know so that they are aware to be vigilant.

Back

What is it?

Invoice fraud is when a criminal poses as a legitimate supplier to a business in order to divert payments. Criminals who specialise in this type of fraud are often aware of the relationships between companies and their suppliers, knowing when regular payments are due. Equipped with sophisticated information, they make contact with finance teams, posing convincingly as suppliers, having the bank details changed to their own. Payments can sometimes be repeatedly made to them, with the fraud is often only discovered at the point when the legitimate supplier of the product or service chases for non-payment of invoice.

How can I spot it?

It’s very tough to spot as criminals have gotten very good at disguising themselves, but as long as you make sure you check all requests thoroughly you should be able to protect yourself and your company.

What should I do if I notice it?

If you see attempts of invoice fraud coming into your business, it’s vital that you let colleagues know what to look out for themselves – if they’re trying to contact you they’ll be likely trying to contact others within the organisation too.

How do I avoid it happening?

Make sure you have a rigorous procedure in place for validating requests to change supplier bank details. It may feel like a pain for those genuine requests, but it really is better to be safe than sorry because getting those funds back from the fraudulent account is very difficult. Your bank are unlikely to offer a refund for any funds lost.

If a supplier contacts you to make a formal request for bank account details to be changed, always verify with that supplier using their on-file details. It’s important that everyone inside a business is warned of the dangers of invoice fraud, and that everyone knows to always check invoices to identify potentially fraudulent transactions as soon as possible.

What should I do if I think I’ve already been scammed?

If you think you may have fallen victim to a scam and funds have already been sent, report it immediately to your bank or financial services provider and then contact Action Fraud. It’s also vital to that you let any other relevant colleagues know so that they are aware to be vigilant.

Back

What is it?

Phishing is a fraudulent attempt to gather sensitive information by sending emails that are designed to look as though they’re from a legitimate company. Most people are aware of phishing within their personal email accounts but it’s not as recognisable when it comes to business, though it is still a very common way of fraudsters committing their crimes, so it should be front of mind. Attackers often used a trusted brand to hide behind as they try to get you to reveal information such as usernames, passwords and credit card details.

How can I spot it?

Always read electronic communications carefully. If you spot anything that’s out of the ordinary, such as a spelling mistake or an apparent lack of personalisation (ie referring to you as a valued customer instead of by your name), be careful. Also, compare this communication against previous genuine ones if you still have them stored – have they changed their approach? Their branding? Their tone of voice? If so, proceed with caution.

If there’s any doubt about it, don’t do what the communication asks of you. Either call the company directly on a number you know is legitimate (not one provided on the email) and never click links or open attachments. Whatever the communication is, you should be able to find reference to it some other way, whether that’s by visiting the company’s website directly or speaking to them on the phone.

What should I do if I notice it?

If you do notice anything suspicious, the main thing is not to click any links, call any numbers or open any attachments. This is how they gather the information from you. Instead, report it to your information security or IT department. If your business doesn’t have anyone internally who would deal with this, report it as spam in your email client.

How do I avoid it happening?

Report it to the relevant department, they may be able to blacklist senders, the best advice in this case is just to remain vigilant to avoid getting caught out.

What should I do if I have already clicked and responded?

If you have already given your personal details away, including any bank account information, contact the fraud team of the associated bank for advice and to alert them. You can also request a protective registration marker be placed on your credit file, this will ensure you are alerted should any new applications be made using your details. Please visit Cifas.

Back

What is it?

In an authorised push payment scam, a fraudster tricks their victim into sending money directly from their bank account to an account which is controlled by a criminal.

This is usually done by the fraudsters deceiving their victim, persuading them that they are speaking to a trusted organisation, such as their bank or the police. This is a crucial factor in the success of their scams. Typically, they contact their target through a number of channels including telephone, email and text message.

In some cases fraudsters will trick their victims into believing that their business bank account is at risk and that they need the online password and security token responses in order to ‘protect the account’. This then allows the fraudster direct access to transfer funds from the victims account.

Once the fraudster has successfully managed to gain access funds, they will remove these from the criminally controlled account immediately. This often involves sending the funds onwards to multiple other accounts, making the money harder to trace and recover.

If a customer authorises the payment themselves or releases their confidential online security credentials and passwords, current legislation means that they have no legal protection to cover them for losses.

How can I spot it?

Just because someone knows some details regarding your business - such as the address, your relationship manager or suppliers – does not mean they are genuine.

Banks or trusted organisations will never contact you asking for your online security credentials including full password, or to transfer money to a safe account. Never give out your personal or financial details unless you are absolutely sure you know who you are dealing with. Always question uninvited approaches asking for information – it could be a scam. Instead, contact the company directly using a trusted email or phone number to check the request is genuine.

What should I do if I notice it?

If you think there has been fraud on your bank account – or if you suspect anyone has attempted to compromise your financial details – report it immediately to your bank or financial services provider and then contact Action Fraud.

How do I avoid it happening?

Trust your instincts: If something feels wrong then it is usually right to question it, if you feel under pressure to act quickly then this can be a warning sign something isn’t right. Stay in control: Be confident - refuse unusual requests for personal or financial information. It’s okay to stop the discussion if you do not feel in control of it. Crucially, ensure that any colleagues in your own business with financial control are aware of the risks and would know how to spot something suspicious.

How to report fraud

Get in touch with us right away if you think you’ve fallen victim to fraud. Please see the options below:

I am suspicious about an email I have received which purports to be from Novuna

Report the email via: phishing@novuna.co.uk. Please visit our guide for more information on how to report a phishing email safely.

Back

I have received a letter of decline regarding an application that I have not made for a Novuna product

Please contact the correct business location the letter was sent from:

Back

I have been the victim of fraud and you are requesting information from me, how will this information be used and why do you need it?

Back

I have identified a Novuna Personal Finance loan on my credit file that I do not recognise

  • Please contact us on 0344 375 5500 immediately to discuss this further.
Back

I am receiving arrears letters for a Novuna account that I do not recognise

Please contact the correct location the letter was sent from:

Back

I have been the victim of fraud or a scam and I have some evidence I want to share with you. How can I send this safely?

We have prepared a step-by-step guide to help you report a phishing email safely. This covers how to share evidence with phishing@novuna.co.uk from different email service providers.

Back