Protect your business from fraudsters

You are here: Home » News & Views » Protect your business from fraudsters

  • For your business
Image for Protect your business from fraudsters

One in four small businesses are affected by fraud in the UK every year, with an estimated loss of £18.9 billion*.

A number of big companies including Amazon and Paypal have spoken out about fraudulent activity; asking members of the public to ignore ‘phishing’ emails, to not respond to text messages and never give out any personal information.

But fraud has many categories and it seems no one is save: identity theft; online fraud; bank fraud; pension scams; holiday fraud; facility takeover and receipt fraud.

13,223 cases of fraud have been reported within Greater London in the last five months alone.*, 3.8 million cases of fraud and 2 million cybercrimes were reported in the UK in 2016.**

HM Revenue and Customs (HMRC) has also made warnings regarding recent fake tax rebate scam emails; text messages, social media and the most recent - create a Government Gateway account scams.

“Some websites, emails or phone numbers can look like they’re part of an official government service or that they provide more help than they actually do,” said HMRC.

“This might mean you pay for services that you could get cheaper or for free if you used the official government service, for example renewing a passport.

“HM Revenue and Customs (HMRC) will never use texts or emails to tell you about a tax rebate or penalty or ask for personal or payment information.”

Action Fraud, the UK’s national reporting centre for fraud and cyber crime, deals with reports of scamming, defrauding and cyber crime from across the country.

Here are some of the scams Action Fraud is currently warning the public about:

Jaff ransomware

Jaff ransomware is currently being distributed in phishing campaigns sent out by cyber criminals.

A phishing campaign is when fraudsters ‘fish’ for victims by sending urgent messages via emails, text messages, phone calls and social media in order to gain access to personal data and bank accounts.

The Jaff ransomware is sent by email as an attached PDF disguised as an invoice/scans.

When opened the ransomware changes all file extensions, the desktop background and places a ReadMe.txt or ReadMe.html which directs victims to a website to pay for the decryption of files.

Invoice scams

Business owners are being warned about a fake invoice scam, where an invoice or bill is sent to a company asking for payment for services or goods.

The invoice says the payment is past its due date and non-payment will affect credit rating.

Fake BT bills

A new fake email currently being sent out steals personal information including usernames and passwords by ‘eavesdropping’.

The email claiming to be from BT is called ‘New BT bill’ and contains a link that once clicked starts up Dridex malware and downloads without even opening a new webpage.

BT have released a statement in light of this email to clarify that ‘BT would never send an email with an attachment.’


WhatsApp is an instant messaging service used by more than one billion people in over 180 countries – it is also used by fraudsters.

Messages are being sent to users claiming to be from WhatsApp saying their subscription will be ‘ending soon’ and asking for banking details for it to be renewed.

WhatsApp is free, however is didn’t used to be before 2016, so old users of the service are being caught out and the fraudsters are gaining banking and personal information.

How to protect yourself*

  • Don’t click on links, or open any attachments.
  • Always install software updates as soon as they’re available.
  • Install anti-virus software on your computer and mobile devices, and keep it updated. Create regular backups of your important files to an external hard drive, memory stick or online storage provider.
  • If you have clicked on the links, run antivirus software.
  • Fraudsters ‘spoof’ an email address to make it look like one used by someone you trust. Check the email header to identify the true source.
  • Don’t assume anyone who has tried to contact you (via email/phone) is who they say they are.
  • If you are asked to make a payment, log in to an online account or offered a deal, be cautious. Real banks never email you for passwords or any other sensitive information. If you get a call from someone who claims to be from your bank, don't give away any personal details.
  • Make sure your spam filter is on your emails. If you find a suspicious email, mark it as spam and delete it to keep out similar emails in future.
  • If in doubt, check it’s genuine by asking the company itself.

How to protect your business*

  • Know your customers – Fraudsters can pose as a customer, using forged currency, someone else’s payment card or requesting ‘store credit’ with no intention of paying you back. Make sure your sales are guaranteed and learn how to protect your business if any payments fail. Watch out for suspicious orders and use your common business sense.
  • Know your employees – Nearly one in five small businesses have been defrauded by an employee. An employee has access to your key assets and how to get around any processes. Fraudulent activity in the workplace includes: theft of goods, misusing company credit cards, colluding with suppliers and submitting false travel claims. Make sure you know who you are employing and ask for references. Adopt an anti-fraud policy statement.
  • Know your suppliers – More than 670,000 businesses have fallen victim to a fake invoice fraud at some point in their trading history. It is important that you know who your supplier is – do your research before choosing a supplier (for example visiting Companies House for their business records). Check that you are only paying for the goods/services you’ve received and monitor behaviour and performance.
  • Know your assets – Make a list of your key assets (machinery, stock, money, data) and think of a way of securing them (insurance, online data protection). Restrict access to your assets. Protect your identity.

Report it

Report fraud, attempted fraud or cyber crime to Action Fraud online or call 0300 123 2040.


**Based on survey results from the Office for National Statistics (ONS).