Can telephone fraudsters withdraw significant amounts of money from a company’s account? They can if the company has not taken sufficient security precautions in advance and its employees do not know what to do in the event of fraud. Companies are growing and becoming more valuable, but this also increases the risks and security concerns, such as the question of whether, in the new circumstances, the right to make transfers from the company account can be left to one person.
Statistics show that financial fraud is on the rise this year. In four months, more than 7 million euros were swindled (twice as much as last year), and the banks were able to prevent a further 4.3 million euros in attempted fraud. Most of these cases involved telephone fraud.
Despite these figures, we all know only too well that we cannot be scammed, don’t we? We can tell a fake message from a real one, a fake business partner from a real one, a fake police officer, a fake bank employee or any other fake. It is exactly this conviction that often gets in our way. Phone scammers succeed because of two important factors: they appear very confident and get the victim to act quickly without thinking. The only thing a scammer needs is a voice to convince you that they are taking action against money fraud. Your account is at risk, you need to transfer the money as quickly as possible, we just need access codes to protect it and you need to allow remote access to your computer. Quick, quick, or you will not make it! This is the main approach and plot of phone scammers. The victim does the rest for them.
The same applies to companies. The company employee who has the right to make payments has to be persuaded that some unscrupulous bank employees intend to steal the company’s money. Therefore, the money must be moved elsewhere as quickly as possible. Quick, quick! This is where the negative public perception of banks comes into play, as it creates a favourable backdrop for the fraudsters’ tales to be believed. We know of several cases where fraudsters have posed as law enforcement officers supposedly fighting fraud. It works, and people are willing to make transfers to the scammers' accounts as if to protect their money.
Businesses should conduct regular cyber security training and talk about how phone scams work, how they should be reported and to whom they should be reported. Most importantly, payments should be authorised by at least two employees. As sales and the number of transfers increase, be sure to share the risks, e.g., move from one person making payment decisions to a procedure that involves several people. This not only protects against fraud, but also against mistakes that can happen to any of us. In addition, sharing the risks and responsibilities also protects the company employee himself, because it’s not about distrusting your employees, but rather about the much riskier environment in which they work.
Furthermore, companies must never treat cybersecurity and the associated security measures as a formality. Such an attitude is often the basis for the success of fraudsters. A confident company employee who single-handedly manages the company’s accounts and “knows” that nothing of the kind can ever happen to him is the best combination a fraudster could wish for.
Remember that neither the bank nor the police will ever ask you to give anyone your account access or passport details or ask you to transfer money or change your account details in a hurry. Working with the State Police, we have developed a safe code of practice, the “Seven Nos”, to help people avoid scams from callers, traders, and fake financial platforms. When it comes to phone scams, do not trust strangers and do not be pressurised into acting quickly. Even if the scammers threaten you with the loss of money or criminal prosecution, there is no need to rush. It takes time to check the information, call your bank or business partner. Never give out sensitive data such as Smart ID or internet banking access codes, PINs, etc. Do not connect remotely to a computer or smart device. To make sure your money is safe, you must end the conversation and call the bank using the official phone number (and not allow someone to do this remotely).
We must realise that we live in a reality in which artificial intelligence is bringing new types of fraud, for example by imitating the voice of a company’s CEO or even the image in a video call. Phone scammers, on the other hand, are improving their methods by understanding what people are afraid of and how they can be intimidated. Being aware of these risks and being informed is half a step towards security. It is therefore the responsibility of organisations not only to take cyber security measures at the IT system level, but also to share the solutions and educate their employees about a world in which we have more and more opportunities, but unfortunately also new threats. As a nation, our security depends on the level of security that each organisation achieves.
Mārcis Pelcis, SEB Head of Security department