Māris Pelcis: entrepreneurs are also targeted by fraudsters. Stricter controls must be put in place, and employees need training
Can telephone fraudsters “fish out” substantial sums of money from a company account? They can if the company has not paid sufficient attention to security in the past and its employees do not know how to deal with cases of fraud. Our organisations are getting bigger and more valuable, but the risks are also increasing, and we should pay more attention to security issues. One example is whether, under the new circumstances, the right to make transfers from a company account can be left to an individual.
Statistics show that the number of financial frauds is rising rapidly this year – in four months, more than seven million euros were swindled (twice as much as last year), while an attempted fraud of a further EUR 4.3 million was prevented by the banks. Most of these cases involve telephone fraud.
But despite these figures, we are all perfectly sure that we ourselves cannot be defrauded. We are capable of distinguishing fake messages from real ones, fake employees from real ones, and of spotting fake police officers, fake bank employees or other fakes. It is precisely this belief that often comes into play. Phone scammers succeed because of two important factors: they appear very confident, and they get the victim to act quickly without thinking. All a scammer needs is to use their voice to make you believe a fictitious story, such as one about fighting money fraud. You are at risk, you need to transfer money quickly, you just need to send access codes to your account so we can protect it, you need to allow remote access to your computer. Quick, quick, or you will not let it go! This is the main approach and scheme of the telephone scammers. The victim does all the rest for them.
It works the same way with companies. It is enough to hint to a company representative who is authorised to make payments that some unscrupulous bank employees want to steal a company account, so the money needs to be transferred elsewhere urgently. Quick, quick! This is where the ubiquitous negative public perception of banks comes in handy for the scammers in the conversation, as it creates a favourable backdrop that makes the scammers' “stories” believable. We know of a number of cases where fraudsters posed as law enforcement officers supposedly fighting fraud. It works, and people are willing to make transfers to fraudsters' accounts, supposedly to protect their money.
Organisations are advised to hold regular cyber security training and talks with staff explaining how phone fraud occurs and who should report it. Most importantly, payments should be authorised by at least two employees. As sales and the number of transfers increase, be sure to spread the risks by moving from single-person payment decisions to a multi-person system. This protects not only against fraud but also against mistakes, which can happen to all of us. In addition, sharing the risks and responsibilities also protects the company's employees, because we are not talking here about mistrust of our employees, but about the much riskier environment in which they work.
And above all, economic operators must not, under any circumstances, treat cyber security issues and the associated security measures as a formality. Such an attitude is often the basis for the success of fraudsters. A self-confident company employee who deals with a company account and “knows” that something like this can never, ever happen to them is the best combination a fraudster could wish for.
To recognise attempted fraud, remember that neither the bank nor the police will ask you to send someone access codes to a bank account, provide passport details, order a transfer or rush to make a transfer. Working with the National Police, we have developed a 'Seven NO' security code to help people avoid call scammers, traders and fake financial platforms. When it comes to phone scams, do not trust strangers and do not be pressured into acting quickly. Even if the scammers threaten you with the loss of money or with criminal liability, there is no need to rush. It takes time to check the information and to call your bank or your partner back. Sensitive data such as access codes for Smart ID or Internet banking, PIN codes etc. should not be passed on. You must not allow a remote connection to your computer or smart device. In case of suspicion, you must interrupt the call to make sure the money is safe. Call the bank by dialling the official number that you enter yourself (and not someone who answers it remotely).
We must realise that we live in a reality where artificial intelligence enables new types of fraud, such as imitating the voice of a company manager or even their image in a video call. Phone scammers, on the other hand, refine their methods by understanding what people are afraid of and how they can be intimidated. Knowing these risks and being informed is half a step towards security. It is, therefore, the responsibility of companies not only to implement cyber security measures at the IT system level, but also to spread the risks and educate their employees about a world in which we have more and more opportunities, but unfortunately also new threats. The level of security that each organisation achieves shapes, in a broader context, our overall national level of security.
Mārcis Pelcis
Head of Security Department of SEB banka