Corporate fraud – a growing problem
In a time when things mostly happen digitally, there are many new opportunities but unfortunately also many pitfalls. When doing business today, most cases require an increased digital presence in order to meet new demands and take advantage of the opportunities that exist. More exposure unfortunately also means a greater risk of falling victim to fraud and digital crime.
In 2022, roughly 200,000 fraud offences were reported in Sweden, which is an increase of over 50 percent compared to just a decade ago. Many of these types of scams have been around for a long time, but the digitisation that has taken place over the last few decades has made it much more obvious to fraudsters and has left businesses increasingly vulnerable. Many simply do not have the right knowledge, protection or safety practices to deal with digital attacks and fraud.
A widespread societal problem
The police authority has established that fraud is an important source of income within organised crime, and it is expected that fraud will continue to increase in the future.
"It concerns everything from individuals to gang criminals and organised crime. Fraud is one of the most important and lucrative pillars that today's criminals lean on", says Anders Björkenheim educator in fraud prevention.
Fraud has also led to extensive consequences for society at large, with shocking costs of SEK 100 billion each year – about 2% of Sweden's GDP and more than what is spent annually on military defence. On top of that, this type of criminal activity is also very difficult to investigate. The police have on several occasions reported on how complex it is to investigate cases of fraud if they were committed in digital channels, as many fraudsters can easily remain anonymous and in some cases are located outside of Sweden.
Some of the most common frauds against companies are, for example, CEO fraud, invoice fraud and phishing. Very few of these fraud cases result in prosecution – making it even more important for companies to think proactively and stop the fraud before it occurs.
The most common scams and how they are conducted
Most scams involve fraudsters sending some kind of false communication to a recipient. The purpose is to somehow "fish" for and steal information that can then be used to, for example, steal money, carry out extortion, falsify documents or assume someone's identity.
This can involve manipulative calls, e-mails, text messages and malicious websites that compromise the safety of whoever interacts with them. Many of these methods used to be more primitive and not very convincing, but today even experts have trouble distinguishing fake messages from legitimate e-mails and texts.
There are many companies that have fallen victim to this, where unsuspecting recipients have, among other things, received fake messages from the company's IT department, accountants, the CEO or other high-ranking officers in management urging them to log in to malicious pages, give out sensitive information or download files that appear to be legitimate.
The development of artificial intelligence (AI) is of particular concern, being able to imitate people's voices almost perfectly. It has been used in attempts of fraud where fraudsters using fake AI generated voices requested transfers of corporate assets.
What can you do to avoid being deceived?
The criminals are inventive and constantly find new ways to conduct fraud against both individuals and companies. Just having a decent firewall and antivirus installed is not enough to stop all malicious fraud activities online. Thankfully, there are still some things that every corporation can do to strengthen its position and protect itself against this growing problem.
A fact in today's society, but something that is surprisingly still lacking in many companies, is to ensure sufficient IT security. Make sure you have good firewalls, good antimalware and antivirus, password managers, backup copies of important data and software that blacklists and filters out known and suspicious addresses and mailings.
An easy and good tip is to keep track of what the most common scams actually are, so that you can easily identify a fraud attempt once you are exposed to it. Take a few minutes each year to read about the new risks companies face, as the risk landscape in the fraud world changes and evolves all the time. One tip is to keep an eye on the Swedish police department's own, and often updated, list of common online scams.
Look out for bad language in e-mails or text messages, urgent payment demands, small errors in e-mail addresses or similar but incorrect domain names, for example companyname.org instead of companyname.se, in Swedish cases. Sometimes the sender may look completely genuine in an e-mail message, but if you press "reply" you will see the fraudster's address in the address field instead
Another good tip is to go to sites such as the Swedish allabolag.se (allcompanies.se) to check company information about companies from senders you suspect may be fake.
Educating the company's employees in what risks there are and what they look like, significantly minimises the risk of getting into trouble. It only takes one unwary person clicking on the wrong link or giving out information for the fraudster to gain access to business-critical data. What may be clear to Caroline may not be for Carl. Ensure that all employees know the security routines and regulations for how to handle sensitive information that they can rely on.
Fraudsters look for flawed security procedures and play on individuals' fears and stress until they find someone who isn't paying attention and accidentally clicks on the wrong thing – That’s when a simple mistake suddenly can become very costly for a company.
Fraud prevention is partly about establishing sufficient technical protection in the form of software, but it is also a lot about common sense and simply having to think a couple of extra times in digital channels.
Stay alert, take your time and keep yourself, your colleagues and your security procedures up to date and it will go a long way towards making you safer. However, if you have been the victim of fraud, it is important to be quick – block any company cards and save all information about the fraud attempt to give the police a better chance to investigate the case.
Written by UC AB