Watch out, watch out, there’s a fraudster about ! bowers.law’s Top (Practical) Tips to minimising fraud risk
Whilst most of us are doing our level best to adapt to new ways of remote working and increasingly having to rely on IT to enable us to communicate more effectively with colleagues, clients and service providers who also doing their best to work remotely without negatively impacting productivity, the baddies are out there looking for ways to infiltrate our increasingly over-worked, under-protected and vulnerable computer systems, and to take advantage of gaps in compliance and of a general (almost enforced) malaise of ‘taking an eye off the ball’ in terms of the detail of doing business. In this Room 228 Newsletter, we list practical ways of minimising your risk of joining the ever-increasing number of victims of business fraud…
Following our recent Room 228 Newsletter on employee fraud https://bowers.law/why-do-employees-commit-fraud/ , here are our Top (Practical) Tips (in no particular order) for basic steps to take to protect yourself from the fraudsters:
- never comply with an email request to change payment instructions without first checking the authenticity of the request (usually by actually speaking to the payee, not by email)
- always take a close look at email addresses asking you to change payment instructions, as they will often contain one or two different characters to the genuine sender email address;
- look out for spelling mistakes and typos in suspect emails (usually a dead giveaway);
- make sure your team knows not to open suspect emails from unknown senders, and especially not suspect attachments which generally offer tempting ‘free stuff’
- ensure effective implementation and compliance with internal policies and controls in respect of external payments
- take a closer look than usual at letters and emails you receive to see if they actually include the name and address of a company and the name of the sender employee;
- check out the street address of the sender company to see if it actually exists – a ‘virtual’ office doesn’t count;
- if dealing with multiple companies with the same or similar names, ask for confirmation of the specific company you’re dealing with and in which jurisdiction
- check that the name of the contracting party corresponds exactly with the name of the party who you’ve been corresponding with
- if doing business with a:
- company, ask for the company’s latest Annual Return (or similar corporate filing in its home jurisdiction) which should record the company’s (i) company number (ii) registered office (iii) shareholders (iv) directors (v) company secretary, and (vi) paid up capital, and a copy of its business registration certificate (or similar document)
- sole proprietor, ask for a copy of the business registration certificate and his/her ID and proof of current residential address
- partnership, ask for a list of the partners together with their ID and proof of current residential addresses, and business registration certificate
- individual, ask for his/her ID and proof of current residential address
- install a 2 stage authentication process for remote users of your IT systems
- change / regularly update your computer firewalls
- review your insurance cover – computer insurance for hacking / malware etc and crimes insurance for email / banking fraud
If you do discover that you’ve become a victim of any kind of fraud, the not-so-secret secret to maximising your prospects of recovering your misappropriated funds or minimising your financial exposure is to act DECISIVELY and to act FAST – make a report to law enforcement agencies and insurers just as soon as you can. If the police won’t take action to ‘freeze’ the bank account controlled by the fraudsters which now contains your money, instruct your lawyer to apply for and obtain a ‘freezing’ court order as soon as possible. Sitting on the problem will invariably only make the situation worse, and almost certainly allow the fraudsters to get away with your hard-earned money.
Please contact Kevin or Derek at firstname.lastname@example.org or email@example.com if you have any questions about this Room 228 Newsletter.
This Newsletter is not intended to be and should not be relied on as legal advice. You should seek professional legal advice before taking any action in relation to the subject-matter of this Newsletter.