Frauds reported to Lloyds Banking Group by Commercial customers revealed that
Business Email Compromise (BEC) frauds were behind eight out of ten* fraud
attacks targeting their organisation’s funds. BEC frauds can be exceptionally
convincing because nearly all of the fake email is an exact copy of previous email
conversations a business may have had with a genuine supplier, or between internal
colleagues. Individuals don’t spot it’s a scam and proceed to make a payment to the
fraudster based on the email.
Losing money to a BEC fraud can have a big impact on any school or business and
the amounts can be significant, sometimes £millions. Recommended top tips for
combatting this type of fraud, which I urge you to share with all colleagues in schools:
- Email is not a secure method of communication, be especially careful of those
that contain payment details.
- Always verify any payment information within an email by calling the genuine
supplier or the employee who appears to have sent it, using a phone number
known to be correct (not a number from the email). This is proving a particular
issue where employees are picking up payment related tasks they wouldn’t
normally undertake due to the current climate.
There is also significant increase in the number of phishing emails sent by fraudsters
packaged with COVID-19 themes, so extra caution is needed to avoid opening
malicious email attachments or clicking on links.
As many organisations have worked differently in recent months, we have seen
some cases of internal fraud conducted by employees. Enhanced monitoring and
oversight is essential to spot any unusual activity.
Commercial Fraud Manager
Lloyds Banking Group
6th July 2020
*Data from first four months of 2020.