Due to the COVID-19 lockdown situation, remote working has become the trend in the business world. If you’re a small business owner or a small business accountant in London you must have already gotten familiar with the norm and started working remotely through your computers or smartphones. This has made your working process more comfortable and convenient as you’re working from home now. 

But the convenience of working remotely also drags you to the situation where you need to secure your systems and information, just as you would in the office. This is crucially important at the moment, as fraudsters and cybercriminals are taking advantage of the coronavirus pandemic situation. 

With a view to help the readers become aware of the situation, team Taj Accountants has listed the risks for your business and provided you a guide on what you can do to combat the situation. 

Fraud Calls

Fraudsters and cybercriminals may contact you by phone where they call and claim that they’re from the bank, the police, an IT company or another official organisation or company that you trust. Fraudulents like these are known as ‘Vishing’.

Through Vishing, the frauds may try to get you to reveal confidential information such as your account details, PINs and passwords. They’d make it look as if they’re trying to get a ‘problem’ resolved. In some cases you might only get a ‘warm up’ call where they might not ask you for any information to discuss but again they’ll make a call where they’re likely to ask for information and they’ll use the information to access your accounts and transfer funds. In some other cases you might get asked to make payments to either “protect your funds” or to “test” your profile. The fraudsters may use the following excuses to get your information:

• There’s a problem with your account that requires urgent action.
• There’s been some suspicious activity on your accounts.
• There’s malware on your computer.
• They’re investigating fraud by bank staff.

By following the measures you can protect yourself and your business from Vishing: 

• Be more careful about all the unsolicited phone calls and hang up if necessary.
• Under any circumstances, never disclose any codes, passwords or PINs no matter how much the caller makes it sound like they’re from the bank or any of you fellow companies.
• You’ll never be asked to transfer funds by either the bank or the police so, don’t make any payments. Instead, end the call and contact the bank using a separate device which does not contain any personal information that may harm your security measures. 
• Do not accept any vague requests from the caller that asks you to download software that connects to your computer or smartphone
• To make you believe the call is genuine, fraudsters can spoof your Caller ID to display a recognised number. So beware of that.
• Verify the caller using an independently checked phone number such as a contact number from their website, if you receive a suspicious or unexpected call. Again, if possible, use a seperate phone for safety measures. 

Email Scams

There might also have been an email sent to your address by cybercriminals impersonating to be the UK government or your well known companies such as banks. This sort of contact made by email is called ‘Phishing’. 

The purpose of such emails is to get you to click on a link and enter personal details or open/download an attachment. The email may obtain some requests that might encourage you to take an action such as ‘Verify your details or your account will be locked’ or ‘Click the below to gain access to your account’. 

Follow the preventive measures down below to protect yourself and your business from Phishing:

• First of all, check if the email address is the usual one that your familiar company always uses to inform you. 
• The fraudsters might send the same email to a lot of addresses at the same time so they might not contain any personalised information and will use terms such as ‘Dear valued customer’. So, check for personalization that contains information such as your name, postcode or part of your account number.
• Do a thorough reading and look for unfamiliar language or tone that might be suspicious.
• Never respond to any suspicious emails and don’t click on any links or attachments within them.
• Beware of clicking on links or downloading a file. Something that asks you to ‘Verify/update your account details’ is likely to lead you to a website where you’ll be asked to fill in your confidential details. DO NOT put your personal information there.
• Always remember that Taj Accountants or other small business accountants in London will never ask you to enter your full PIN and password details onto the website directed by an email. 

CEO Fraud

Fraudsters often imitate the email addresses of the Director, CEO or Chairman to request employees to make an urgent payment. These activities of sending bogus emails saying that the payment is needed due to exceptional circumstances and needs to be carried out immediately are known as ‘Spoofing’ 

To make the email look genuine, the fraudsters might do an in-depth research of your company or they may hack into a user's email account directly. You or your employees might think it as an authentic email and make immediate payment out of pressure of being sent by a senior director or CEO. But beware and follow the guidance below and save yourself and your company from a loss: 

• Contact the senior immediately if the email asks you about any information or make any payment requests. 
• While contacting, don’t use any contact numbers given in the email, insead use the regular number that you always have been using. 
• Even if they are from someone senior, challenge and question these types of requests. 
• Construct a specific documented process for any arrangement of payments. And treat any requests outside this process as a suspicion until it’s verified with the individual directly.
• Make sure to strengthen your passwords for access to email accounts. To make it strengthened, avoid common phrases and avoid using the same password for everything. A strong password should contain a mixture of upper and lower case letters, numbers and special characters.
• Enable dual authorisation for payments if you are a Bankline user. This will make the payments be approved by a second user before it is sent. Also, a Bankline user should control which employees are able to make payments by reviewing and maintaining user roles and privileges including setting payment limits.
• Lastly but most importantly, ensure all staff are aware of this type of fraud and to remain vigilant, including the senior directors and CEO. Furthur make sure that your team is comfortable to make an approach to senior members in case they want to verify anything. 

Invoice Redirection

Invoice redirections are sent as an email or on headed notepaper including official logos, letterheads and signatures which looks as convincing as possible. In such cases, fraudsters pretend to be a creditor or supplier and let you know their company’s bank details have changed. To make it look as authentic as possible; they do a thorough research on whom to contact to make the request to make a change, they also analyse which supplier you might use to make the request. Then they’ll ask you to make all future payments to a new sort code and account number. If you fall under this trap and change the details, it will go directly to the fraudster. 

Here’s how you can protect yourself and your business from Invoice Redirection: 

• You need to watchfully check and challenge any request that asks you to change account details.
• Before making any changes contact your suppliers and creditors to confirm whether or not the request came from their sources.
• To contact your suppliers and creditors use the existing contact details which you generally use to reach out to them. 
• When you’re assured and the payment has been made, don’t forget to again confirm it from them. Call your suppliers and creditors and be sure that the intended beneficiary has been received. 
• Remind your employees to be extra vigilant about reporting suspicious activity and following processes.
• To be on the safer side, enable dual authorisation for payments that changes to payment Templates and Bulk lists if you are a Bankline user. This will make the payments and changes be approved by a second user before taking an effect. 
• No matter how urgent they make it sound, always ensure the authenticity before making any changes to payment details.

We’re Here to Support 

In the past few weeks there have been numerous scams occurring related to COVID-19, from emails and messages leading to fake landing pages and malicious downloads. Cybersecurity providers that look out for such activities have identified an influx of new website domains relating to COVID-19, since the outbreak gained worldwide traction. According to the National Fraud Intelligence Bureau, coronavirus-related fraud reports increased 400% in March 2020. 

Taj Accountants understand your concern regarding all the issues you're facing due to the COVID-19 outbreak. So, we’re here to help you and your employees through the tough time. If you’re concerned regarding the impact of the outbreak on your business and its cash-flow, feel free to contact us. We offer outstanding accounting and taxation advice to corporates, as well as individuals. Our client base ranges from individuals who are seeking general accounting and taxation advice to sole traders, limited companies or partnerships. We also make sure to keep you updated through our blogs.

FAQ

How do I keep my unused cards safe from fraudsters? 

If you know you won’t be using your debit card or Mastercard credit card for a while then make sure nobody else is using it. Many lenders offer you deactivation options for the cards, so make sure to deactivate/lock your cards if you can. 

What should I do if I lock my card and then realise my card is lost or stolen?

You will need to contact the Credit Cards Customer Service team on 0345 300 3694 in the UK or +44 1268 500 813 from overseas.

If I am a secondary card holder, will I be able to lock/unlock my card?

Only the primary card holder will be able to add this feature, however the secondary cardholders card will be subject to the same controls.

DISCLAIMER: The purpose of the blog is to provide information and insight regarding the situation. The readers must contact experts before making any decisions based on the information. We highly appreciate you to contact Taj Accountants for further assistance.