Banking for Startups: Fraud and risk: Safeguarding your startup’s finances

As technology evolves, fraud itself is becoming more sophisticated – with potentially devastating consequences. In this article, we explore common instances of fraud, their possible impact and some ways in which you can possibly protect your business.

  1. The consequences of business fraud can be ruinous for startups – financially and reputationally.
  2. Understanding the most prevalent fraudulent threats and how they may occur is the first step to avoidance.
  3. Strong internal controls are key to mitigating these risks and keeping your business safe.

When building a fledgling business, founders inevitably spend far more time on innovation and growth than on protecting their company from risks. Still, even the most digitally savvy startups and founders can fall victim to fraud.

For small and growing businesses, fraud can be fatal, as it not only damages a business’s finances but can also harm its reputation.

Thankfully, even first-time business leaders, with limited resources and seemingly endless to-do lists, can mitigate this threat through careful planning. The key is to be aware and know what to look out for.

What is business fraud?

According to the UK Metropolitan Police, business fraud is the intent or the act of misrepresentation to cause a gain or loss [1]. In short, these fraudsters are trying to scam money from your business.

These crimes don’t discriminate by geography, industry or business size, and are becoming increasingly sophisticated thanks to advancing technology. To make matters worse, fraudsters can come from anywhere. They can be people associated with a business, including employees, customers and suppliers, or unconnected third parties.

The consequences of business fraud can be severe – particularly for start-ups which may have limited cash flow – but the damage can go beyond financial loss. Fraud can tarnish brand reputation, damage relationships with key stakeholders, and dent staff morale.

So, what are the most common types of fraud to be aware of?

The most common types of business fraud

Becoming familiar with the various tactics used by fraudsters can be an important first step in helping you anticipate the warning signs and implement preventative measures. Here are some common scams and how they might impact your business.
  • Phishing, Vishing and SMShing
    These are all types of cyber-attacks where fraudsters contact their victims via text (SMShing), email (phishing) or on the telephone (vishing), posing as someone from a legitimate organisation, sometimes even your own, in an attempt to obtain sensitive data such as banking details, passwords or employee personal data (things like date of birth or address), which they then use to infiltrate your business systems.
  • Malware alerts
    This form of cybercrime involves a type of software designed to cause damage to computers, systems and other software. There are various types, all with the same intention – to allow criminals to extract data or force companies into a position where they are unable to conduct their business. Where the attacker demands payment to remedy the damage, this can also be known as ransomware.
  • Baiting
    This cybercrime involves fraudsters using enticing ads, music or promotions which contain malware. The ‘bait’ can also be in a physical form, such as media storage/external drives that, when used by individuals, infect their computer with malware.
  • Scareware
    Another type of cyber fraud, scareware involves victims being bombarded with false alarms and fictitious threats (normally appearing as pop-ups). Users consequently believe their systems have been infected with malware, prompting them to install software which is itself malware. This enables fraudsters to access sensitive data.
  • Invoice fraud
    This is where a criminal poses as a regular supplier and sends an email asking for their bank account details to be changed, thereby tricking the victim into sending money to the fraudster’s account rather than the genuine supplier. These fraudsters take time to build up knowledge about their targets, including scanning websites for details of genuine suppliers that they use to make their approach more credible.
  • Card fraud
    Card fraud involves the compromise of any personal information from credit, debit or store cards, as well as the physical theft of a card. Fraudsters use this information to purchase goods in your name or obtain unauthorised funds from an account. Cards can also be abused internally by employees purchasing personal goods using a company card; this is known as internal fraud. Another example of card fraud is ‘person not present’ card fraud, in which a fraudster poses as a known contact to take card payment details over the phone.
  • Purchase fraud
    In this instance, fraudsters create websites which appear legitimate to trick buyers into purchasing products and services which don’t really exist. These websites even have contact details listed to answer queries you may have about your potential order, helping them to appear as if they are a legitimate supplier.
  • CEO fraud
    Here, a fraudster impersonates a senior person in the company, instructing a staff member to either make an urgent payment or change payment details for an employee, contract or supplier. Fraudsters use sophisticated techniques such as hacking or spoofing software to access emails / systems and obtain key information. This helps to make the email request appear convincing and genuine to the receiver.
  • Authorised push payment (APP) scams
    APP scams happen when the victim is tricked into sending money to a fraudster posing as a genuine payee. This deception leads the victim to authorise a payment to a fraudulent account, which they believe is going to a genuine recipient. With APP scams, criminals often try to persuade you to take action in a hurry.

How is artificial intelligence accelerating fraud?

Artificial intelligence (AI) is now being used by fraudsters looking for a potentially cheaper and easier way to pull off scams at scale.

Generative AI tools in particular mean that fraudsters can now create deepfake videos, replicate voices and forge compelling, fictitious documents that may be more difficult to differentiate from the real thing.

Worryingly, Deloitte’s Center for Financial Services predicts that gen AI-enabled email fraud alone could enable fraud losses to total up to about $11.5 billion by 2027 [2].

Combatting these increasingly sophisticated scams requires business leaders to stay up to speed with advancing tech threats, and to empower their teams to do the same.

Founders could consider an approach that couples self-learning with protective tech solutions to pre-empt attacks. This might include attending courses and webinars, and reading various news stories and articles online. You could also work with key partners, like your financial and IT partners, to increase resilience against AI-enabled fraud.

Tips to avoid fraud

Although there’s no single solution to prevent business fraud, there are ways you can mitigate these risks and help keep your business safe.

Implementing strong internal controls and procedures is a good starting point, irrespective of the size of your business. Identify areas where you may be vulnerable to fraud and implement clear and transparent policies that align with your business activities rather than inhibit them. This could include robust background checks of all associates and implementing AI-enhanced cybersecurity measures. It’s also wise to look beyond your organisation to consider your key stakeholders.

Security measures should then be monitored and updated at regular intervals to ensure they are effective and reflect emerging threats. Consider discussing challenges with trusted peers in your network. That way, you can increase your knowledge of the threats impacting your industry and help others to do the same. Finally, the buck shouldn’t stop with you as founder. Make sure your entire team is aware of this risk and the different types of fraud, instil good avoidance practices and give everyone the tools to respond to risks should they occur.

Tips for good practice include:

  • Paying close attention to email addresses to ensure they remain the same during any correspondence with third parties.
  • Being cautious of unexpected phone calls, texts and emails from suppliers requesting a change in account details or asking for payments to be made urgently, and of late or sudden requests to change bank account details.
  • Contacting the genuine payees to confirm account details – making sure trusted contact details are used rather than any telephone number or email address included in the payment request.
  • Utilising two-factor authentication within internal processes: this is a security measure that requires an additional layer of verification. In recent times, this is some sort of biometric authentication such as fingerprint, voice or facial recognition.
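
The first three tips above can be turned into a single accounts-payable check, shown here as an added example that is not part of the original article. The supplier record, addresses, phone number, account numbers, urgency word list and the 0.8 similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed supplier record: every value here is a placeholder.
SUPPLIERS = {
    "Acme Paper Ltd": {
        "email": "accounts@acmepaper.example",
        "phone": "+44 20 7946 0000",  # trusted number already on file
        "iban": "GB00TEST00000000000001",
    },
}
# Assumed word list for "pay in a hurry" pressure; tune to your own mail.
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|asap|today|overdue)\b", re.I)
LOOKALIKE = 0.8  # assumed similarity threshold for near-identical domains


def domain(address):
    return address.rsplit("@", 1)[-1].strip().lower()


def review_payment_request(supplier, sender, iban, body):
    """Return (decision, reasons, callback_number) for one payment request."""
    record = SUPPLIERS[supplier]
    reasons = []
    if sender.strip().lower() != record["email"]:
        score = SequenceMatcher(None, domain(sender), domain(record["email"])).ratio()
        near = LOOKALIKE <= score < 1.0
        reasons.append("sender uses lookalike domain" if near
                       else "sender address differs from record")
    if iban.replace(" ", "").upper() != record["iban"]:
        reasons.append("bank details changed")
    if URGENCY.search(body):
        reasons.append("urgent wording")
    if not reasons:
        return "proceed", reasons, None
    # Confirm with the payee on the number held on file, never on contact
    # details supplied in the request itself.
    return "hold_and_call_back", reasons, record["phone"]


if __name__ == "__main__":
    # Constructed request: 'rn' imitates 'm' in the sender's domain.
    print(review_payment_request(
        "Acme Paper Ltd", "accounts@acrnepaper.example",
        "GB00TEST00000000000002",
        "Our bank has changed. Please pay the attached invoice urgently."))
```

Any single flag is enough to hold the payment until the call-back is done, which mirrors the advice to confirm with the genuine payee before paying.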

Your banking partner can also provide tools to help protect your business from fraud. For example, using dual transaction authorisation in your online banking platforms provides an opportunity to think about the authenticity of the payment request. It reduces the risk of internal fraud, the potential for human error and the risks posed by cybercriminals, who may target your IT equipment to make transactions.

The most important thing to remember is that in seeking to avoid fraud, awareness, coherent policies and the right behaviours are your friends. So, make sure your business is well prepared.

Checklist: Tips for protecting your business against fraud

  • Establish and enforce strict data security policies
  • Create employee training schemes, particularly to identify fraudulent instances across communications and any transactional activity
  • Implement multi-factor authentication for transactions and remote working
  • Invest in secure cybersecurity measures and keep them updated
  • Analyse and evaluate: conduct regular audits of processes to ensure you minimise risk where you can
  • Implement strong reporting mechanisms, including a whistleblowing process. Whistleblowing is the act of an internal employee reporting on activity within the business that is deemed illegal, illicit, unsafe, unethical or fraudulent
  • Conduct due diligence on third parties, including background checks, data checks, contract reviews and whether the third parties comply with your policies and general anti-fraud standards

Any opinions expressed are merely opinions and not facts. All information in this document is for general informational purposes and not to be construed as professional advice or to create a professional relationship and the information is not intended as a substitute for professional advice. Nothing in this document takes into account your company’s individual circumstances. HSBC Innovation Banking does not make any representations or warranties with respect to the accuracy, applicability, fitness or completeness of this document and the material may not reflect the most current legal or regulatory developments. HSBC Innovation Banking disclaims all liability in respect to actions taken or not taken based on any or all of the contents in this document to the fullest extent permitted by law. Nothing relating to this material should be construed as a solicitation or offer, or recommendation, to acquire or dispose of any investment or to engage in any other transaction.