Fraud watch during COVID-19 & building resilience
If you open a web-browser and type “coronavirus and fraud” into a search engine, you will see that there are numerous articles from a variety of sources commenting on this topic. From a cursory glance, it seems that the main focus of these reports is on how the vulnerable fall victim to fraud, that is, vulnerable persons who have fallen for scams related to COVID-19. Some reports, helpfully, offer advice on how people can protect themselves to make them “fraud-proof” and some simply report on the estimated value of these frauds. However, it is also the case that corporates can be vulnerable too.
Corporates can be equally vulnerable, or more so than people when it comes to economic losses that can occur as a result of fraud. Fraudsters are sector and geography agnostic during this time of lockdown. Behind every corporate body there are people, whether in the form of shareholders or stakeholders such as employees and suppliers of goods or services and all can be impacted by a fraud on the company. If corporates are unprepared for fraudulent attacks, it is inevitable that when they do occur, the effects can be catastrophic. The company itself (as a separate legal entity) will suffer, but it is arguable that the real effect is to those behind the corporate structure, from those who will lose their livelihoods, such as employees and investors to creditors and government bodies.
It is clear from recent reports that cyberattacks are the main focus during this pandemic. However, there is an emerging trend of supplier frauds which range from incorrect/low quality goods being supplied, to the receipt of far fewer goods than was ordered and counterfeit goods, all being successfully perpetrated because of the opportunities that present itself in the COVID-19 environment. Frauds against corporates do not only occur online during lockdown. This COVID-19 pandemic, like never before, has presented fraudsters with opportunities unlike those seen or experienced. It is no longer a matter of “what if” it is about “what is”.
Organisations are being used as tools or conduits for fraudulent attacks. Organisations that are unprepared, overwhelmed with increased demands or who incorrectly hold the view that they are impenetrable, are seen as easy prey. There is also the issue of increased vulnerability due to the record number of employees working from home throughout the UK. It has been reported that Zoom has experienced a decrease in its clientele as a result of security breaches by fraudsters who target the increased usage of this popular business communication tool to access personal data. During lockdown reputation for safety and good robust working practices are key to trust from investors, clients and suppliers.
Those of us who work in fraud investigations and prevention often refer to the reported fraud as the “tip of the iceberg”. This is especially true during COVID-19. Corporates are focused on crisis management, and they must also focus on risk management, and this must include pro-actively managing fraud risks. There is an expectation on the part of the stakeholders that this is being done, but let us look at an example of how little focus there often is on fraud prevention. Despite huge recent fines within the banking sector, recent research reported by ComputerWeekly.com suggests that only “13 out of the 64 banks accredited by the UK government…have bothered to implement the strictest level of domain-based messaging authentication, reporting and conformance – or…protection to stop cyber criminals from spoofing their identity to use in phishing attacks.” This is evidence that corporates are not always prepared to deal with fraud and do not always have the necessary tools to prevent, identify or investigate it.
Fraud thrives where there is opportunity and where opportunity and vulnerability intersect fraud (and fraudsters) flourishes. Taken that fraud has more than doubled in over the past year, increasing from £746.3m to £1.7bn, COVID-19 has certainly increased those opportunities. Corporates will need to ensure they are not vulnerable by analysing and assessing their specific fraud protection and prevention needs, and following up with detailed investigations to identify how fraud occurred and make sure that it does not happen again.
Corporates should take steps to rethink how they operate, look beyond red flags (the reactive approach) and implement strategies that demonstrate that they are proactive and prepared when fraudsters strike. Corporate fraud protection and/or fraud prevention plans are a lot more nuanced than a “tick box” exercise. They require more than a one-size-fit-all approach to build a resilience going forward. Corporates will need to act with urgency to prevent any vulnerabilities to fraud - the clear and present danger of an ‘alternative virus’ presented by the COVID-19 pandemic.
BDO has, for the past 17 years, engaged it resources in tracking reported fraud over £50k in the UK. Preliminary data collected for the period December 2019 to April 2020 shows that when compared to the same period last year, reported fraud has increased by over £57m, no doubt partly attributable to vulnerabilities pried as a result of COVID-19.
The only way to slow down this increasing trend is act proactively in finding solutions that suit your specific fraud protection and prevention needs that will mitigate fraud risks in these uncertain times.
Please contact one of the Forensics team if you would like to discuss proactive fraud protection and prevention solutions suited to your specific needs.
BDO London - Baker Street
+ 0203 219 4871 DDI
Our team works in a range of forensic services, produces the annual FraudTrack report covered in national press, and are a recognised global cross-border investigations team. Our forensic and dispute advisory practices combine in-depth industry knowledge with experience and technology to provide innovative and recognised services.