Payment diversion fraud (PDF) continues to be a major issue for businesses across the UK, with nearly a quarter (24%) falling victim to this type of cyber attack in 2022, according to the Hiscox Cyber Readiness Report. The report, which surveyed 982 businesses, revealed that this type of fraud is not limited to certain company sizes, but rather targets businesses with weakened IT systems or those that rely on human error.

PDF occurs when cyber criminals pose as trusted suppliers and deceive individuals within the business into making false bank transfers or other payments. The average cost of a claim for customers seeking assistance after a PDF attack in 2022 was £15,484. These claims were most prevalent in May and November, as businesses geared up for the summer and festive seasons, respectively.

Alana Muir, Head of Cyber at Hiscox UK, warned that payment diversion fraud can have grave consequences for businesses, leaving them significantly out of pocket or even bankrupt. She emphasized that most attacks occur due to basic checks that businesses fail to carry out before making a payment, often the result of human error that could have been prevented.

To prevent falling victim to PDF, businesses are advised to take several precautionary steps. First, it is recommended to make a test payment to the payee and ensure they receive the money before transferring a large sum. Additionally, businesses should carefully verify any notifications of change in bank details, as they may be fraudulent. The payee should be contacted on a known and verified telephone number to confirm any changes. Regular training for employees is also crucial to remind them of what to look for when making payments and the necessary steps for due diligence.

In terms of IT security, businesses should regularly change passwords, using complex combinations that are difficult to guess. Multi-Factor Authentication is also recommended to protect accounts such as email from being compromised. Adopting a “four eyes” approach, which involves requiring dual signatories for payments above a certain amount, can provide an extra layer of security. Furthermore, regular checks on IT equipment should be conducted to identify and address any weaknesses in the system.

If there is any doubt about a transaction, businesses are advised not to proceed with the payment. If a scam is suspected, it is essential to contact the bank immediately to prevent further loss. Hiscox has also taken proactive steps to address the issue of cyber attacks by introducing the CyberClear Academy in 2017. This academy has trained almost 36,000 individuals from 7,000 organizations, helping to identify knowledge gaps that could be exploited by cybercriminals. The training, delivered through a combination of videos and interactive materials, equips employees with the necessary skills to mitigate cyber risks.

The findings of the Hiscox Cyber Readiness Report 2023, compiled in collaboration with Forrester Consulting, are based on a survey of 5,005 executives, departmental heads, IT managers, and other key professionals across the USA, UK, Germany, France, Spain, Netherlands, Belgium, and Ireland. The report will be released in September and will provide comprehensive insights into the current state of cyber readiness among businesses.

In conclusion, payment diversion fraud remains a persistent threat to businesses in the UK. It is crucial for companies to prioritize cybersecurity measures and ensure that employees are well-trained and vigilant when it comes to making payments. By implementing best practices and regularly assessing and strengthening their IT systems, businesses can significantly reduce the risk of falling victim to PDF attacks.

Source link