Avoiding Trade Credit Fraud

It can be difficult to identify a potential fraud but there are some warning signs to look out for that can assist in avoiding and certainly reducing the negative impact this can have on a business. 

Losses due to fraud are not generally covered by Credit Insurance policies meaning your Insurer is not liable for this loss. However, there are some exceptional cases where we know underwriters have accepted liability, so having a policy may have added benefits!

The TL Dallas Group of companies and the insurers we place cover with are seeing significant increases in the number of fraud overdues or claims being reported by clients. In particular, ‘assumed identity’ fraud cases – this is when a third party assumes the identity of well-established creditworthy businesses. 

CEO fraud is the impersonation of a company’s CEO or high-ranking officer to try and trick an employee into transferring money.  Unfortunately, as it is subsequently discovered, these payments have gone to the fraudsters account.  

 

Currently, the main sectors affected are Food & Drink, IT and Construction. However, all sectors are being targeted.

Whilst we are concentrating in this article on trade credit insurance and fraud we do have other solutions for Cyber Liability and Financial Crime risks – these policies can cover some of the areas highlighted and in addition cyber attacks on your IT systems and the liability that may arise if you inadvertently pass on viruses, ransomware and the like to third parties.

Please contact Mike Martin or Matt Smith on 01274 465500 or email mike.martin@tldallas.com or matt.smith@tldallas.com. There are also a number of articles on our website that may be of interest and you can access them here.

 

Some points to be wary of include: –

FINANCIAL STATEMENTS

  • Confirm the issued share capital stated in the Company’s accounts are consistent with the annual returns 
  • Be wary of a Company that submits accounts shortly after its financial year end or a dormant company suddenly becoming active 
  • Be wary of Companies filing above and beyond its filing requirements. Remember a ‘small company’ is required to submit abbreviated accounts to Companies House and ‘micro-entities’ are required to submit simpler accounts that meet minimum statutory requirements 
  • Compare accounts to other Companies within the same industry and be wary of Companies that have filed accounts which appear ‘too good to be true’. lf the accounts are audited, check if they’re registered using http://auditregister.org.uk/Forms/Default.aspx
  • Conflicting trade sectors – eg. Companies House states ‘wholesale of food + beverages’, but their website/status report states manufacture of metal 
  • Check the Directors do not have any association to failed companies or high volume of newly incorporated companies as this can be a warning sign
  • Frequent or sudden change/s in shareholders/directors or registered office can also be a warning sign 

NEW CUSTOMERS 

  • An unsolicited enquiry with a short/urgent delivery deadline – the potential new customer will be persistent and put you under pressure to open an account. There will be an unusually short period between first contact, order and delivery date. 
  • No landline telephone number provided – only a mobile number. Calls are usually not answered but go to voicemail and then your call is returned. If a landline is provided, when you call it’s been disconnected or just rings out.
  • Mirror imaging of existing genuine email and website addresses.  They are usually very similar to the company they are impersonating, however there will be subtle differences, i.e.:

Genuine company website address – www.tldallas.com 

Fraudulent company – www.t-l-dallas.com 

  • Professional looking website but with little functionality. The website will look OK, but basic and light on any details, landline telephone number etc. 
  • Be cautious with trade references and check them thoroughly – some recent cases we have seen have highlighted the trade references given were fraudulent and that associates, were also involved in the fraud.
  • The buyer is generally not interested in price with little or no negotiation – why would they be if they are not going to pay you! 
  • Buyer requests to collect goods themselves from your premises/warehouse, often in a private car or unmarked vehicle
  • Being asked to deliver goods to a different company or an unknown third party
  • Buyer changing delivery address at short notice – use Google Maps or Royal Mail postcode and address finder to verify addresses
  • Potential customer is overly ready to supply information – trade references and accounts/managements accounts are available without being asked 
  • Confirm that the supplied VAT and Bank Details are genuine 

EXISTING CUSTOMERS

Be wary of last minute requests, from your existing customers, if they do not follow their usual established trading pattern – check the details out further and call your usual contact and confirm changes in writing. 

 

Avoiding Trade Credit Fraud – download the pdf here.

 

Further useful information can be found here

 

If you would like to discuss Credit Insurance, please call 01274 465 522 or 01324 717 466. Alternatively, email your details to Credit@tldallas.com and a member of the team will be in touch.

Cyber Crime

As cyber attacks continue to rise and in the wake of the recent NHS cyber breach, UK-based businesses of all sizes are being urged to protect themselves against online crime. Recent government statistics showed nearly half of all UK businesses suffered a cyber breach or attack in the past year.

A recent survey* reveals nearly seven out of ten large businesses identified a breach or attack, with the average cost to large businesses of all breaches over the survey period in 2016 being £20,000 and in some individual cases reaching millions.

The survey also shows that personal data is still a lure for criminals, with businesses holding electronic personal data on customers much more likely to suffer cyber breaches than those that don’t (51 per cent compared to 37 per cent). The most common attacks detected were via ‘phishing’ (fraudulent emails).

Almost all businesses rely on information technology (IT) infrastructure to transmit and store data including, employee and customer records, company business records, e-mail and telephone services, company website and online sales.

 

So, what is Phishing?

Phishing is a form of social engineering that uses email or malicious websites to solicit personal information from an individual or company by posing as a trustworthy organisation or entity. These kind of attacks are often via email and appear to be from an institution or company that the individual does business with. For example, a bank, or a web service the individual may have an account with.

The goal of a phishing attempt is to trick the recipient into providing login credentials or other sensitive information. For instance, a phishing email appearing to come from a bank may warn the recipient that their account information has been compromised, directing the individual to a website where their username and/or password can be reset. This website will also be fraudulent, well designed to look legitimate, but exists solely to collect login information from phishing victims.

These fraudulent websites may also contain malicious code which executes on the user’s local machine when a link is clicked from a phishing email to open the website.

 

How to identify Phishing attacks

As noted above, phishing is most often initiated via email, but there are ways to recognise suspicious emails from legitimate ones. Training employees on how to recognise these malicious emails is a must for enterprises who wish to prevent sensitive data loss.

In many cases, these data leaks occur because employees were not armed with the knowledge they need to help protect critical company data. The following may be indicators that an email is a phishing attempt rather than an authentic communication from the company it appears to be.

  • Emails with generic greetings
  • Emails requesting personal information
  • Emails requesting an urgent response
  • Emails with spoofed links

When in doubt, contact the company in question to find out if the email is legitimate. If it is not, the company is now aware and can take action to warn others of potential phishing attempts appearing to come from their company.

Therefore, companies are exposed to risks which could disrupt business and potentially incur huge unexpected costs. It could also lead to loss of income and possibly reputational damage if companies are unable to trade. In addition, private information held on your employees and customers could be lost, damaged or stolen.

 

What can you do to protect your business?

TL Dallas has access to a number of insurers offering Cyber Liability Insurance to help limit the impact of any breach. We have detailed below how such a policy would work and the processes that would be put in place should a breach occur.

The policy is triggered either by:

  • Loss or suspected loss of non-public data. This could be as a result of misplaced/lost/stolen files or electronic devices used to store, process or transmit data e.g. a laptop, or, a malicious act that erases, alters or destroys data, whether caused from within or outside your organisation
  • Breach of privacy legislation, e.g. Data Protection Act 1998, or other similar privacy laws elsewhere in the world, or
  • The negligent or inadvertent transmission of Malware (any code to erase, deny access to, corrupt, damage, disrupt any network or system or circumvent network security) to a third party
  • Unauthorised Access – meaning access to, and use of your computer system or network infrastructure by any person not authorised to do so, including your employees

A breach could have a major impact on your company. Policies are therefore designed to support you throughout the process with an aim to get your business back up and running as quickly as possible. Typically, you would have one point of contact throughout who would work with you, leading and managing the incident response, tailoring the recovery programme to your needs. The devil is in the detail. Key points to remember:

  • Cyber frauds are unlikely to be covered under fidelity wordings or under ‘crime’ extensions to management protection contracts
  • Cyber wordings on the cover are continually evolving – take care and read all the terms and conditions
  • Be cautious of ‘knowingly surrendered’ exclusions – these will really impact the cover where an insured has been duped
  • Be cautious of ‘social engineering’ exclusions or sub limits

 

Contact your TL Dallas broker for advice or speak to Mike Martin or Matt Smith on 01274 456500 or email mike.martin@tldallas.com/matt.smith@tldallas.com for further details.

 

*Source: The Cyber Security Breaches Survey 2017

How To React When Your Cyber Attack Goes Public

I’m so utterly in thrall to Netflix that I have a mild panic once I reach the end of the latest box set. Mercifully, that’s offset by the wave of relief when I find something new.

And so it was that, after eight blood-spattered seasons of Dexter, I stumbled upon Designated Survivor, in which Kiefer Sutherland plays a reluctant and under-qualified US president. He’s thrust into the role after the rest of the Government dies in a bombing on Capitol Hill during the newly- elected president’s swearing-in ceremony.

A few episodes later, the White House is the victim of a cyber attack. As the source of the breach is sought, the Chief of Staff frets over how to keep it quiet.

In real life, keeping unexpected events under wraps is a difficult balance between business protection and the transparency expected by clients and customers. My experience, though, is that if you’re a business of any repute or note, the truth has an inconvenient habit of finding its way out into the world.

That doesn’t mean you have to book a confessional prime-time ad. But if the breach is likely to have an impact on even a small group of customers, they have to hear it from you. The forthcoming GDPR regulations, which replace existing data protection rules, have specific obligations around reporting data breaches, so you’d be well-advised to speak to your lawyer about these.

More broadly, there are some golden rules. First, prepare for the worst. Most businesses will have some sort of resilience plans in place for fire, plant shutdowns, supply chain disasters – I’m willing to bet few have a data resilience plan, including examining risks in advance and media training spokespeople who can defend the company’s position.

If you have to put your hands up, there can be no half measures. You can’t tell a bit of the truth. Get on the front foot, before you’re asked, and give yourself a chance to control the message. Don’t allow yourself to be ambushed.

Simultaneously, you need to tell people what you’re going to do – or even better, what you’ve already done – to fix the problem so it can never happen again. They have to understand how seriously you take this, and any vague language or half-measures won’t provide the necessary reassurance.

Finally, be consistent. Look at every channel of communication available to you and make sure the message is consistent across all of them. Run communications from a central point and don’t have anyone – and it doesn’t matter how senior they are – going off and doing their own thing.

All of that said, there’s a simple truth about cyber attacks. If it happens to you, in whatever form, it’s going to hurt. If you can make sure your business has a plan which everyone understands, you can come out of a difficult issue looking like the good guys. Whether or not it’ll work for Kiefer I don’t know – I lost interest and started watching Line of Duty.

Bryan Garvie, director, marketing communications agency
Big Partnership

Invisible Risks

In the face of increasingly sophisticated risks or ‘invisible’ incidents, businesses and individuals are finding they need to consider new areas of protection in addition to the more traditional risks that they would normally insure against, such as fire or flood.

These additional areas of risk include:

 

Commercial Crime/Financial Fraud

Recent statistics (RSA) suggest that between 25-33% of all companies suffered some sort of fraud in the last year – either a direct financial loss or misappropriation of assets.

It’s not only large companies that need to protect themselves: nearly 50% of those targeted had fewer than 1,000 employees and the average size of the loss was around 1.3% of turnover.

As with all risks, prevention is better than cure: just as you should have a robust fire risk assessment, we suggest you carry out a fraud risk assessment. This would identify any threats and put in place systems to detect fraud and prevent it wherever possible.

Even if all these systems have been implemented but the worst still happens, insurance is available. This will not only cover your loss, but also any expenses relating to the loss, such as lost management time, any reputational damage and lost business opportunities.

Policies are also available that cover both fraud by employees and third parties.

 

Cyber/Data Breach

Statistics from Garter Inc suggest there are currently 6.4 billion devices connected to the internet and this will increase to 20.8 billion by 2020.

Such explosive growth poses risks to both individuals and businesses, with the risk of cyber attacks and data breaches increasing exponentially.

Insurance solutions to this threat are now more sophisticated – there are products on the market that can cover your business for first and third party losses, costs of PR and reputation management and loss of income following a cyber-attack.

 

To discuss this in more detail, please contact your nearest TL Dallas branch.

10 reasons for specific computer insurance cover

Almost every industry relies on computers to help run their business. Any loss, breakdown, data corruption or cyber attack can cause interruption to business and loss of earnings. Despite this, many businesses don’t have appropriate cover in place.

Our friends at Allianz have created 10 reasons for computer insurance to highlight the importance of appropriate cover.

If you would like further details please contact your nearest TL Dallas branch.