Fake emails are still a major problem for business owners, bookkeepers and accountants.
With so much awareness now on fake emails, I naively thought that people being duped by spam emails was a thing of the past. However, a recent article on Facebook highlighted the severity of the problem in all industries, including mine.
The conversation started on Facebook… “OMG I have just paid £25k on behalf of a client and just found out it was a fictitious company….”
It is common for accountants to make payments on behalf of their clients. In this instance the accountant in question received an email, which looked genuine, requesting payment. The scammers found the accountants’ email address from their website (which wasn’t too difficult). The accountant made the payment and is obviously now mortified that it was a fake email. They are currently waiting to see if the bank can recover the money.
What concerned me the most about this story was that it wasn’t an isolated incident. From reviewing the comments on the post, it appears that many other accountants and businesses have also been duped; it is a common problem. Just some other examples:
- Scammers have been hacking and intercepting emails and changing bank details
- Fake invoices have been sent from genuine looking companies that the recipient is aware of
- Arrow Inc lost $13m after a fraudster posed as a company executive and transferred money from the corporate bank account to an external one
- Even Google and Facebook have been targeted and they have now improved their internal systems to make sure it doesn’t happen again.
Don’t be a victim of fake emails
It is increasingly important that you and your team are aware of the severity of spam emails. Fraudulent emails are becoming more and more sophisticated and it is important that your team can spot them:
Questions to ask:
- Is it from a genuine email address?
- Does it have many spelling and grammatical mistakes?
- Does it ask for personal information?
- Does the branding look legitimate?
- Is the linked website or any hyperlinks legitimate? (often if you hover over the hyperlink the address that appears is different from the address that appears in the email)
Read more at How to spot an email scam.
I also advise, especially regarding payments, if it is over a certain amount that you update your internal processes to get the payment authorised by two people.
Fraudulent emails from HMRC
In addition to generic email fraud; we have had situations where our clients have been duped by emails that they thought were from HMRC. In this scenario we have a separate article: Beware of Fraudulent Emails “From HMRC”, which covers what you need to look out for.