Do you know the seven examples of fraud in business that are the most dangerous?
The threat of fraud has always existed, but these days, it’s powered by new technologies and techniques. It’s no surprise, then, that organizations are more aware than ever of the impacts of fraud – not least on their reputation as a secure company.
82% of senior leaders consider fraud prevention a top priority and want anti-fraud measures to be implemented across business operations.
In this piece, we’ll detail seven of the most dangerous examples of fraud in business and how to prevent them. At Trustpair, we take one type of fraud totally off the table – payment fraud. Learn more by downloading our latest report about B2B payment fraud.
What are the main examples of fraud examples in business?
There are seven main examples of corporate fraud:
- Accounting fraud
- Payroll fraud
- Invoice fraud
- Money laundering
- Vendor fraud
- Phishing attacks
- Wire transfer fraud
Accounting fraud is estimated to affect around 40% of US companies. It materializes from the manipulation of financial records, such as profit and loss statements, balance sheets, and income statements.
Typically accounting fraud is an internal practice, aimed at duping investors or inflating stock prices.
General Electric was fined in 2020 for artificially lowering projected costs and collecting cash at the expense of future years’ profits. Accountants at the company administered bad practices to the financial documents in order to inflate profits without explanation.
As such, many investors were fooled into committing money to the business without realizing that future returns were brought forward, and would therefore be impacted.
Payroll fraud refers to occasions when ‘hours worked’ don’t match ‘hours paid’. There are several different scenarios where this can happen intentionally (and therefore fraudulently):
- The employee doesn’t turn up but gets their coworker to clock in and out on their behalf
- The employee simply lies about the hours they worked on their timesheet
- The manager pays out to ‘ghost-workers’ by submitting false timesheets
Payroll fraud makes up just over 9% of all occupational fraud cases in the US. It’s dangerous for businesses since it usually isn’t discovered immediately after the fact. On average, it takes 36 months for companies to discover cases of fraudulent payroll practices. If it happens consistently over this three-year period, imagine all of the money that your business stands to lose.
One high-profile case of payroll fraud happened to the US’ Department of Defense. Three separate employees were convicted of timesheet fraud, after inflating their overtime hours. The scammers knew that their supervisor was too busy to check the accuracy of timesheets, and a general lack of effective control mechanisms led to the success of the fraudsters.
Invoice fraud happens when false invoices are sent for products or services never delivered. Typically, this type of financial fraud is delivered through external criminals who hack into your system and take over a real email thread from a supplier. By spoofing the real email address and applying heavy pressure, it’s surprising how convincing invoice fraudsters can be.
Shark Tank investor, Barbara Corcoran fell victim to invoice fraud in 2020. A fraud perpetrator spoofed an email address and targeted her bookkeeper, convincing them to wire over $388,000.
Invoice fraud is one of the most common shady schemes out there. In fact, by the end of 2022, finance teams were identifying invoice fraud attempts at least once per month.
Money laundering scams are dangerous for businesses because it carries a lot of risks and can affect the wider economy. But apart from the obvious effects, money laundering in the digital age is now linked to terrorist financing and organized crime. Money laundering refers to the disguise of money that’s generated illegally so that it looks “clean”.
Wachovia Bank was targeted by Mexican cartels, depositing billions of dollars through wire transfers, cashiers’ checks, and cash. The bank was fined in 2011 for failing to maintain anti-money laundering protocols since the money was likely generated through theft or by other illegal means and then used towards more illegal schemes.
Although easily confused with invoice fraud, vendor fraud is actually a separate type of scam. Both types of fraud begin in the same way, through supplier impersonation, yet vendor fraudsters don’t touch the invoice.
Instead, waiting until the real supplier sends their true invoice, the fraudsters accompany it with their own email requesting a change in bank details. Without the right checks in place to verify that the new account details do indeed match up, your company risks paying the scammers while your real vendors are still waiting for their funds.
Our client, Sade Telecom, fell victim to vendor fraud before we began working together. It took approximately three weeks to realize that they had been scammed by vendor fraudsters, since their real supplier sent a late payment reminder. Sade Telecom suffered from significant financial losses from the event, so chose to partner with Trustpair for continuous account validation to verify third party data.
Phishing attacks are the new age of corporate threats – because they are examples of online fraud.
External criminals commit phishing attacks by impersonating legitimate sources, such as a supplier, or one of your own senior employees. By spoofing the real email address with a counterfeit one, the fraudsters apply pressure to get money transferred or access to sensitive company information.
Phishing attacks are known to be hyper-realistic. Many scammers hack into your system before they attack, in order to learn about how their target communicates. This is what we call social engineering. It was one of the factors that duped Mattel into sending a $3 million payment to Chinese cybercriminals, in one of the most famous fraud cases of all time.
The email requested payment to a Chinese third party (which fits current production plans) and was sent on the last day of the month, as most invoices typically are. What’s more worrying, perhaps, is that Mattel had a double-approval protocol in place to prevent this type of crime, and yet the criminals succeeded.
Phishing attacks are growing in their prevalence, which is what makes them so dangerous. Across business and personal emails, google blocks over 100 million phishing attempts every day.
CEO fraud is one example of phishing, fraudsters use sophisticated social engineering techniques to infiltrate organizations. For example, hacking into an email system in order to realistically impersonate a member of the senior leadership, using the same writing style, tone and sign-off.
Wire transfer fraud
Wire transfer fraudsters aim to dupe your business into wiring funds to their accounts. Because wire transfer is one of the most secure ways to send money (and it’s super fast), it’s very hard for companies to get back the funds they send this way.
There are several different techniques that criminals use to commit wire transfer fraud:
- Business email compromise (with links that download malware onto your computer if opened and essentially hold your business to ransom)
- Hacking (a cybersecurity attack that gets into your system and the fraudsters wire the money themselves)
- Impersonation or spoofing (pretending to be a real supplier or senior executive in your business and ask for the wire transfer)
Wire transfer is considered one of the most dangerous types of fraud since, if it goes undetected, the money is very hard to get back. There is a high likelihood of financial damage if your business falls for a wire transfer scam like this.
The good news is fraud prevention solutions like Trustpair help companies wipe out wire transfer fraud by continuously auditing suppliers and blocking any suspicious wire transfer. Contact one of our experts to learn more!
How can you protect yourself from fraud in business?
Although business leaders are right to fear threats, there are plenty of ways to defend your company so that you don’t become a victim of fraud.
- Training and Education
- Segregation of duties
- Strong internal controls
- Data management policies
- Fraud prevention software
Training and education
Online education or digital training sessions can significantly reduce susceptibility to fraud. Fortunately, this is the case across both business and personal threats.
The best way to implement training and education is with regular sessions. Although 71% of companies receive fraud training, only 8% hold sessions on at least a quarterly basis.
But regular sessions mean you can update your staff on new and emerging threats of fraud, and leverage recency bias. With recent training, your finance team is more likely to spot suspicious activity and raise red flags.
However, as Trustpair CEO, Baptiste Collot notes, “you can’t fight cyberattacks with a human-only policy”.
Segregation of duties
Segregation of duties means that your finance team breaks up tasks and shares the responsibility between two or more members of staff. The purpose of duty segregation is to reduce the control that a single person can hold and make fraud detection easier. Duty segregation is beneficial since it helps avoid distraction and mistakes, as well as prevents the likelihood of internal fraud. The 4 eyes principle is a good example of segregation of duties.
For example, the payment approval process could require signatures from two senior members of staff before payment can be made. This would ensure that one employee couldn’t perpetuate money laundering or payroll fraud on their own, making internal fraud less likely.
Strong internal control policies
Internal control policies in the finance department refer to the likes of frequent audits, the identification of risks and control over document access. Moreover, it involves the creation of strategies in order to comply with regulations. The strength of such policies, though, lies in how they are constructed and followed. One of the most important factors is ensuring there is no room for loopholes.
An example of how this has gone wrong is in the case of ImClone Systems. One day before the FDA announced the rejection of the company’s drug, the CEO informed his daughter of the news. She subsequently sold a huge portion of shares, and her friend, Martha Stewart, did the same.
The share price plummeted the following day and the family profited at the expense of other investors, with the CEO convicted of insider trading. Yet, stronger internal control policies could have prevented the case.
Ensuring that teams follow the procedures is the second part of strong policies. Automation is the only way that you can be sure policies are actually respected and followed. Automation is also proven to reduce costs by 41% when applied to key finance processes.
Data management policies
Data management policies detail how your finance department should collect, treat and store its data. Due to regulations like GDPR and the California Consumer Privacy Act, many companies are now required to set out their data management policies in compliance.
Data management policies are an effective measure in combating many of the examples of fraud in business we’ve mentioned. For example, policies could state that employees are not to share sensitive log-in information to external email addresses – recognizing and preventing a phishing attempt.
Likewise, a personal information management policy around merchant bank details could prevent the changing of account information without verification checks. This would ensure attempts of invoice fraud are thwarted.
Fraud prevention software
Fraud prevention software uses automation technology for the finance team in order to secure operations and digital records. It’s designed to detect deceit and block attempts of fraud.
Fraud detection software is important in preventing common examples of fraud in business because it increases confidence levels in both your operations and decision-making. Passing all of your data through such a platform allows you to evaluate risks in real-time and protect your company from various cybersecurity threats.
Trustpair itself is an example of a fraud-prevention platform. We specifically target payment fraud and have a 100% record of success, saving our clients over $60 million since we began. Learn more about how we lead the fight against fraudsters when you request a demo.
Seven dangerous examples of fraud in business include accounting, payroll, invoice and vendor fraud, alongside money laundering and phishing attacks. Fraud protection measures can ensure your company isn’t compromised by fraudulent activity. They include creating controls, training staff, and using specific anti-fraud software.