Stay one step ahead of the fraudsters with our series of articles giving you the lowdown on the scams they use to trick people out of their hard-earned cash – and how to avoid being taken in by them.
This week, how to avoid being taken in by work-based phishing emails, which became 39% more common in the last three months of 2016.
How does it work?
Fraudsters have cottoned on to a way to steal even more money from honest individuals: targeting employees with emails supposedly from someone from someone who has authority over them, such as the CEO or chief financial officer of their company.
The practice, known as business email compromise, or CEO fraud, is commonly used to trick workers into making money transfers to bank accounts controlled by cyber criminals.
Mike Hulett, head of operations for the National Crime Agency’s National Cyber Crime Unit (NCCU), said: "These attacks have become increasingly sophisticated.
"They have moved beyond simple phishing emails, with cyber criminals monitoring potential victims for months to work out their level of authority, when the chief of finance goes on holiday, and who does what to the social engineering email."
How can I avoid being caught out?
If you receive an unusual payment request from anyone in your company, it is always a good idea to check it directly, ideally in person or by telephone, using contact details you know to be correct – even if the language and phrasing of the email sounds plausible.
Other sensible steps include never sharing personal information with companies or people if you haven’t verified their credentials, and keeping your computer up to date with anti-virus software.
I’ve been defrauded. What should I do?
The first thing to do if you think you have fallen for a business email compromise or money transfer scam is to contact your bank to see if you can stop the transfer and to make sure your accounts are secure.
Anyone who has been the victim of this type of crime should also report the problem to Action Fraud (0300 123 2040).