Overlay

Does your business always use call-backs?

If you get a request to make a payment or change the details of a supplier, your business should have a process in place to call-back the supplier using a trusted telephone number. Having a good call-back process could save you thousands. This is because businesses were tricked into paying away £83.3m* in 2023 to scams including invoice redirection and business email compromise

All businesses should establish a direct line of communication with suppliers and include call-backs as part of their payment processes. They can help confirm new payment or change requests, such as a supplier asking you to update their account details or contact details.  

*Source: UK Finance Annual Fraud Report 2024 

Why are call-backs necessary?

They’re crucial because fraudsters will impersonate or intercept emails between you and your payees. Without a reliable way of checking requests are legitimate, you risk sending money to the fraudster.  

It’s crucial to recognise that these emails will look genuine. Fraudsters take the time to use company logos and mimic the tone of voice you’re used to seeing. They may even use artificial intelligence tools to make their fake emails as convincing as possible.

Are your call-backs effective and thorough?

A call-back that isn’t done properly could still leave your business at risk.  

Here’s some common mistakes businesses make when performing call-backs:  

  • Ringing the number in the request - you’ll likely be speaking to the fraudster who’ll confirm the account details as correct, meaning if you then make any payments they’ll go to the fraudster. Always call using an independently sourced, trusted, telephone number. 
  • Assuming a colleague has done a callback – fraudsters may try to convince you that someone else in your business has already completed a call-back. It’s always best to double check yourself. 
  • Not confirming account details – this may seem straight forward, but it’s crucial to confirm account details during your call-back or you leave your business at risk of paying the fraudster. 

What if you can’t call them back?

There may be times where you’re not able to do a call-back, especially if your supplier is from overseas. You should stay cautious, think carefully and check the request has come as an encrypted email, to protect your business from risk. Email encryption is a secure way of protecting emails from being read by those who shouldn’t have access, making sure only the intended recipients have access.

Actions you should take today

If you get any requests to change account details or contact information: 

  • Always treat it as suspicious, even if the email looks convincing or seems urgent.  
  • Always contact the person, or organisation requesting the payment independently, using a trusted telephone number. Never the one contained in the request.  
  • Never make any changes until you’ve confirmed the request is genuine.  

You can help protect your business in three simple steps

The National Cyber Security Centre recommends a simple and cost-effective framework – people, processes, technology. Embedding this framework into your business can improve your resilience against impersonation scams, and other scam threats your business will face. 

  • People – Scams rely on manipulating people, but colleagues can be a business’ strongest line of defence. If everyone knows what to look out for and what actions to take, they’ll actively be stopping most scams at their root. 
  • Processes – Mistakes will happen and it’s not a case of ‘if’, it’s ‘when’. Having established payment and admin processes that everyone follows creates a critical second layer of defence. For example, making sure two people approve payments, or account detail changes, before they’re made. 
  • Technology – This doesn’t need to be complicated. You can use the Dual Authorisation technology in Bankline to make sure any payments above an amount you pick must be approved by two people.

Final thoughts

We hope you found this useful. Please share this information with colleagues. The more people who know what to look out for, the better. Together we’ll beat the fraudsters. 

You should visit our security centre or join a free webinar to find out more about other common threats affecting businesses like yours.

scroll to top