How to avoid a banking scam

A typical scenario involves a fraudster hacking a business email account, observing email traffic for days (if not weeks) and waiting until a payment is due. At that point, the fraudster will send an email with a false account for payment and wait for the money to arrive.

The mechanism sounds simple but the emails can be very persuasive. Transfers are said to be time-critical, with payment requests sent at the end of the day or close to a monthly billing deadline. The most sophisticated fraudsters will observe communication styles, tone and language, and replicate them in their false emails. Email signatures will be copied and social engineering used for extra credibility. There is no catch-all way to prevent these frauds, but there are a number of things you can do that will go a long way to reduce the risk.

Trust nobody

Approach emails and phone calls with some scepticism. Are long-term suppliers suddenly changing bank details? Do individuals sound like you would expect them to on the phone? A recent case I worked on involved a call with someone who the client knew came from a part of the UK with a distinctive accent, but who did not speak like this on the phone (they were actually talking to the fraudster). Don't be afraid to challenge individuals or query the position.

Take your time

Do not be rushed into making decisions. A sub-category of these scams is a phone call from a bank stating that a business account is compromised and money needs to be moved urgently. The calls look like they are from the fraud number associated with the bank, and the caller often has further information, such as the last transaction or other account details. The calls will often involve significant pressure ("the money needs to be moved now or it will be lost"). Do not allow yourself to make decisions on a time-critical basis. No bank will call you and ask you to move money, and bank staff are trained not to pressure customers in this way.

Check your tech

Make sure your IT systems are protected. It seems obvious, but it's easy to fall down here. Antivirus protection should be up to date and, crucially, staff should be trained to use only secure passwords and to be aware that a common tactic used by fraudsters is to send an email, supposedly from IT or a senior member of the business, asking for log-in details.

Find your weak points

Examine your systems and procedures. Can one individual make significant transfers of cash without a second reviewing the payment? Does that make that individual a weak point in any protection? Should you consider changing procedures and policies to reflect this?

Check and verify

Always try and confirm bank details through a phone call. Do not use the number in email signatures, but go through the switchboard of a company by locating the number on its website. It's laborious, but it's the most effective way of reducing this kind of fraud. Take the time to do it, or face the prospect of dealing with a banking scam nightmare.

Dan Dodman is a partner in the dispute resolution team at Goodman Derrick www.gdlaw.co.uk

Photo: Gorodenkoff/shutterstock.com