We all enjoy taking a break over summer, and fraudsters know it too. They use it as an opportunity to target businesses with impersonation scams. In 2022, an average of £130,000 was lost every single day* to this type of threat, so it’s crucial your business is prepared to tackle them.

In this article you’ll discover tips on spotting impersonation scams and three simple steps you can use to help keep your business safe.

*Source: UK Finance Annual Fraud Report 2023 (calculations made from CEO, Invoice and Mandate scams information)

Scammers will impersonate a variety of people and organisations your business interacts with. They may impersonate suppliers, colleagues, or even senior members of staff and will normally do this by sending fake emails asking you to:

• Change supplier account details or contact information
• Update colleague account details for salary payments
• Make a one-off payment to a set of account details

It’s crucial to recognise that these emails will look genuine. Scammers will take the time to use company logos you’re familiar with and will mimic tone of voice. It’s also important to understand that they may be able to intercept and adjust emails, so even perfectly legitimate looking emails could be part of a scam.

If you get an email asking you to do any of these, you should:

• Always treat it as suspicious, even if the email looks convincing or seems urgent
• Always contact the sender independently, using a trusted telephone number, never one contained in the email
• Never make changes until you’ve confirmed it’s genuine

The National Cyber Security Centre recommends a simple and cost-effective framework – people, processes, technology. Embedding this framework into your business can improve your resilience against impersonation scams, and other scam threats your business will face.

People – Scams rely on manipulating people, but colleagues can be a business’ strongest line of defence. If everyone knows what to look out for and what actions to take, they’ll actively be stopping most scams at their root.

Processes – Mistakes will happen and it’s not a case of ‘if’, it’s ‘when’. Having established payment and admin processes that everyone follows creates a critical second layer of defence. For example, making sure two people approve payments, or account detail changes, before they’re made.

Technology – This doesn’t need to be complicated. You can use the Dual Authorisation technology in Bankline to make sure any payments above an amount you pick must be approved by two people.

We hope you found this blog useful. We encourage you to share this information with colleagues as the more people who know what to look out for, the stronger position your business will be in. Together we’ll beat the fraudsters.

You should also visit our security hub or sign up to our free eLearning modules to continue your online security journey.