How to keep your small business safe from fraudsters

How to keep your small business safe from fraudsters

At Tide, we know that you’re focused on the smooth running of your business, which includes keeping it safe. That’s why, when you join us, you won’t just get a business account packed with tools and features to make your life easier – you can also count on us as an added layer of protection. There’s lots of ways that we do this, but for starters, we make use of robust risk systems and conduct thorough checks on both payments and new members. 

Some types of fraud can be harder to spot, so it’s important for you to know what to watch out for. To help you do this, we’re relaunching our ‘Keep Your Business Safe’ series, where we’ll bring you the most up-to-date information on some common types of fraud and financial crime in the UK.

Table of contents

APP fraud

First up, we’re tackling three types of fraud that come under the umbrella of APP fraud. Need a refresher? Authorised Push Payments (APP) fraud is where people are scammed into giving money to a fraudster, because they believe the payment is legitimate. To learn more about APP fraud and what Tide is doing to protect you, check out our dedicated blog post.

Now that we’re aware of the facts, let’s start the fightback. Our Head of Financial Crime, Matt, is on a mission to educate our members and help small businesses protect themselves. We caught up with him to get his advice for protecting your business against APP fraud:

“If in doubt, don’t respond immediately – wait until you have proof. Fraudsters play on panic.”

“As we’ve come to realise, the idea that security starts and ends with the purchase of a pre-packaged firewall is simply misguided: it’s time to do something new. If someone is telling you that something has changed with your contract or billing, reach out to the person you know directly and find out if it really has come from them. If in doubt, don’t respond immediately – wait until you have proof. Fraudsters expect you to panic and act quickly. By giving yourself more time, you can make the right decision. Stop, consider and confirm,” says Matt.

Next step, protecting your business 👉

To help keep your business safe from APP fraud, it’s useful to learn the most common ways it can happen. We’ve rounded up three to start with, but we’ll be deep diving into these and others in future posts:

1. Invoice fraud 🔎

Often, a fraudster’s first port of call is to research your company to know who your suppliers are, how often and how much you pay them. They’ll try to use that information to defraud you. You might get an email from one of your suppliers saying that they’ve changed their bank account details. Now, they’d like you to pay an outstanding invoice to the new account. The email address looks legitimate, and it’s come from your normal contact there – nothing out of the ordinary, right?

Not quite. With invoice fraud, your supplier’s ‘new account details’ actually belong to a fraudster. By the time you’ve paid the outstanding invoice and realised the email wasn’t legitimate, your money is long gone.

As Matt said, fraudsters count on you making snap decisions when presented with new information, and use this to their advantage. But there are actions you can take to stop them in their tracks:

  • If you get a notification from a supplier saying they’ve changed their bank details, confirm the change verbally by calling them on their usual number. If the change is genuine, they won’t mind you checking
  • Make sure anyone in your company who can send payments is aware of this type of fraud
  • When you make a payment to a supplier, follow up with them using contact details you know are correct, to make sure they’ve received it. That way, if you’ve made a payment to a fraudster, you’ll realise immediately – and you might be able to get the money back 
  • Where possible, remove or limit any information you’ve shared publicly about the suppliers or companies you work with. This makes it harder for fraudsters to research you

2. Social engineering fraud 💬

In this type of fraud, scammers try to scare you into handing over confidential information, such as bank account details, passwords or passcodes. For example, you might get a call from someone who claims to be your banking provider. They might say that your account has been hacked, and you need to move your funds into a new account. They’ll quote a few recent transactions you’ve made, and they might even know if you’ve been a victim of fraud before.

What you can do to protect your business from social engineering fraud:

  • If you get a phone call from someone claiming to be your banking provider and asking you to move money, don’t make the transfer. No UK bank will ever ask you to move your money to another account to keep it safe. End the call and get in touch with your bank to tell them what’s happened. Remember to use contact details that you know are correct. These include a verified phone number, email address or live chat service
  • Likewise, Tide will never ask you to move your money to a new account to keep it safe. If you’re asked to do this, end the call immediately and use our in-app chat to let our Member Support team know

3. CEO fraud 👀

Here, a fraudster will impersonate the CEO or manager of a company. Then, they’ll instruct an employee (usually in the finance department) to make a payment to an account in the fraudster’s control.

As with the other types of fraud we’ve listed above, there are steps you can take to protect your business. Remember, fraudsters count on you feeling pressured to act quickly. If something doesn’t feel quite right, it’s always better to check.

To beat the fraudsters:

  • Make sure your employees are aware of this type of fraud. Consider running training sessions, or direct them to this blog post 🙌
  • Put a system in place so that more than one team member has to approve high-value payments. That way, there’s less risk of a fraudulent payment being made because one person felt pressured to act
  • Update your passwords regularly and asking your staff to do the same. Remember, a strong password includes a mix of numbers, letters and symbols

Wrapping up

💡 Knowledge boosted? The best defence for your business is you, which is where our ‘Keep Your Business Safe’ series comes in. We want to help you feel confident and empowered to make the right decisions, armed with all the facts.

Kiera Woodhull

Senior Copywriter

Tide Team

Image of Tide card

A business bank account that's free, easy to open, and helps you start doing what you love.

Tide is about doing what you love. That’s why we’re trusted by 350,000+ UK businesses.

Open an account
Image of App Store 4.7, 27k
Image of Google Play 4.6, 3.7k