Fraud Prevention Centre

Cyber fraud is widespread due to the increasing use of social media, reliance on electronic devices and the ease with which fraudsters can manipulate these platforms by mimicking human interactions.

Fraudsters utilise various techniques such as social engineering to deceive and manipulate victims ​into​​ ​ performing actions such as providing confidential information or initiating fraudulent payments.

Below are the different types of cyber fraud which may be used in conjunction with or as a facilitator to CEO, invoice and card fraud.



Top ​t​ips to reduce the risk of being a victim of cyber fraud:

• Don’t open emails and attachments from suspicious sources 
• Be wary of tempting offers – ​i​f an offer sounds too enticing, think twice before accepting it and conduct open-source research to help you quickly determine whether you are dealing with a legitimate offer or not
• Keep your antivirus/anti-malware software updated as this is vital to protect your systems and business against malware attacks
• Beware of downloads as these could contain malware, always check with your IT administrator if you are unsure
• Spot the signs of your computer being infected, examples include,​ ​crashing/freezing and general poor performance

If you believe you have been a victim of cyber fraud, please contact us immediately on our UK Client Services line 0800 023 1441 or +44 (020) 7367 7881 if calling outside the UK.

This occurs when a fraudster impersonates a senior person in the company instructing a staff member to either make an urgent payment or change payment details for an employee, contract, or supplier.

Fraudsters use sophisticated techniques such as hacking or spoofing software to access emails/systems and obtain key information. This helps to make the email request look as convincing as possible and hence will appear genuine to the receiver.

Fraudsters take time to build up knowledge about your business and the senior people within it to help improve the chances of their scam being a success. This could include scanning your website or any social media account (such as LinkedIn or Instagram) for details of genuine suppliers or employees that they can use to their advantage to make any email they send more credible.

What to look out for:

• Urgency for the payment to be made as fraudsters will apply pressure to ensure the request is completed ASAP to avoid detection
• Request is from a senior person in the company and someone that may not have made such requests previously or wouldn’t do so, hence it appears out of character
• The tone and style of the email is different from the person you usually receive this type of request from
• The person asks you to change the banking details of an existing supplier or employee
• The email address is one you don’t recognise
• The style and format of the email looks suspicious, check logos and email signatures

Top tips to reduce the risk of being a victim of CEO fraud:

• Confirm urgent payment requests directly with your colleague in person or over the phone using the details within your internal databases and not those on the email as they could be fake
• Be alert to unexpected emails or letters requesting urgent payment, even if it appears to be sent from someone within your business
• Consider the type of information you share online about your business/employees
• Educate all employees on the risks of CEO fraud
• Ensure employees feel comfortable approaching senior staff to verify payment requests
• Ensure all staff check for irregularities before processing payments and changing bank details and where possible ensure two people independently review the payment details
• Check your business’s bank statements carefully and report suspicious debits to SVB immediately
• If the payment request cannot be validated, then you should not proceed and report the matter to SVB as suspected fraud

If you believe you have been a victim of CEO fraud, please contact us immediately on our UK Client Services line 0800 023 1441 or +44 (020) 7367 7881 if calling outside the UK.

This is where a criminal poses as one of your regular suppliers and sends an email asking you to change the bank account details that you already hold on file for them.

You are then tricked into sending money to the new account which is controlled by the fraudster rather than the genuine supplier.

Fraudsters take time to build up knowledge about your business to improve the chances of the fraud being successful. This could include scanning your website for details of genuine suppliers that they can use to their advantage to make any email they send more credible.

This type of fraud is often only discovered when your legitimate supplier chases you for non-payment making the recovery of funds from the fraudulent account very difficult.

What to look out for:

• An unexpected request to change the bank details of an existing supplier
• You receive more frequent than usual or duplicate invoices for a product or service
• The style and format of invoices sent by the fraudster may look different to previous ones
• The ‘new’ bank account details provided may look out of character, for example, a large supplier such as Dell, is very unlikely to bank with a smaller financial institution such as Monzo
• The invoiced amount looks out of character for the services provided i.e., would it make sense for a £10,000 payment to be made for party supplies

Top ​t​ips to reduce the risk being a victim of invoice and mandate fraud:

• Confirm supplier bank details directly with suppliers using their established on-file details before any payments are made
• Make sure you follow your usual payment process even if it’s urgent and where possible ensure two people independently review the payment details
• Ensure that all staff who process supplier invoices or can change bank details are adequately trained to check for irregularities in supplier details including changes to supplier names, addresses and invoiced amounts

If you believe you have been a victim of invoice and mandate fraud, please contact us immediately on our UK Client Services line 0800 023 1441 or +44 (020) 7367 7881 if calling outside the UK.

There is an entire criminal industry focused on obtaining personal and card data which is then used to access fraudulent funds. This is card fraud, also commonly referred to as ‘Plastic Fraud’. It involves the compromise of any personal information from credit, debit, or store cards as well as the physical theft of a card.

Fraudsters will then use this information to purchase goods in your name or obtain unauthorised funds from an account.

Plastic card fraud can also include counterfeit card fraud and ‘card not present’ fraud, such as the use of a card online, over the phone or by mail order.

Cards could also be abused internally if employees purchase personal goods using the company card, this is known as internal fraud.

What to look out for:

• New cards ordered but not approved by a mandated requestor within your company
• Genuine cards ordered but not received after a few weeks which could indicate card interception
• Concerns that you may have been a victim of Phishing, Vishing and SMShing where fraudsters will contact you via text, email or telephone posing as someone from a legitimate organisation. You may have been deceived into providing sensitive data such as banking details, passwords and personal data such as DOB, address etc
• When making a payment you see pop up asking you to click on a link that appears out of character, this could indicate that your computer has been infected with malware

Top tips to reduce the risk of being a victim of card fraud:

When online:

• Only transact on websites with 'https' in the address bar; the 's' means the webpage is secure
• Only enter your card details on a webpage if you see a padlock symbol in your browser. This is another sign that the site is secure

In person:

• Never write down your PIN
• Never share your card/PIN with anyone including via email or pictures
• Only provide your card details via telephone to trusted suppliers/individuals

Card admin:

• Regularly reconcile statements for cards to make sure there are no unauthorised transactions
• Ensure you have assigned credit or transaction limits for dedicated card holders within your business
• Cancel cards for any employees no longer with the business and review the requirement for current employees to have cards if they do not use them
• Never share your card with others and if there is a need for additional cards then these requests should be submitted to SVB as normal

If you believe you have already been the victim of card fraud, please contact us immediately on our UK Card Services line 0800 023 1062 or +44 (020) 7367 7852 if calling from outside the UK (24 hours a day).

Fraudsters will create websites which appear legitimate to trick buyers into purchasing products and services which don’t really exist.

These websites will even have contact details listed to answer queries you may have about your potential order, helping them to appear as if they are a legitimate supplier.

Similar to invoice and mandate fraud, this type of fraud is generally discovered after the payment has been made. At this point illegitimate suppliers have stopped communicating with you, and the products or services you were promised have not arrived as they don’t exist.

What to look out for:

• Products and services offered at a largely discounted price compared to competitors
• You are asked to pay via bank transfer rather than through a secure website
• The website appears basic with poor English, such as spelling and grammar mistakes, or phrases that don’t sound quite right

Top tips to reduce the risk of being a victim of purchase fraud:

• If you are using a new supplier, ensure you research the company and read reviews left by other customers on third party review websites and not just on the supplier’s site
• Avoid making large orders with suppliers you have not come across before
• Review the website to ensure it is professional and look out for any grammar or spelling mistakes
• If a product or service is unavailable at your usual supplier and you look elsewhere, a good indicator that a website may be illegitimate is if they are offering the same product or service at a discounted price in comparison to other vendors
• If you are made aware of the supplier via an unexpected email, make sure to type the web address into your browser yourself rather than clicking on any in-email links
• Ensure emails that are sent to you from the ‘supplier’ come from email addresses which correspond with the main website domain
• Check the ‘Contact Us’ page as most legitimate companies will list ways for you to get in touch with them. If the site doesn’t have a ‘Contact us’ page or only offers a form to fill out, this could indicate a dubious website

If you believe you have been a victim of purchase fraud, please contact us immediately on our UK Client Services line 0800 023 1441 or +44 (020) 7367 7881 if calling outside the UK.