5 Steps to Protect Your Business from Fraud

Share this:

At Geddes Capital, we like to think we have the necessary tools and experience to tackle fraud. Unfortunately, we still find ourselves exposed to fraud on an ongoing basis.

Fraudsters, especially within the financial sector, are more sophisticated than ever. Whether you are a small organisation or a large, commercial financial institution, fraud is affecting all of us.

We feel we have a duty to minimise fraud, not just for our business, but for the economy in general. That’s why we’re sharing 5 easy steps you can take to make your business more fraud-proof.

Impact of Fraud on SMEs

While the direct impact of fraud is clear, indirectly, it raises the cost of credit and of doing business for all players within the market.

We are passionate about helping South African SMEs thrive and grow. With limited resources and challenging economic conditions, most SMEs focus on growth and survival, not necessarily due diligence, digital controls, and risk management. This leaves SMEs particularly vulnerable to fraud attacks. It has never been more important to highlight these issues to ensure that fraud is minimised.

“Organisations lose about 5% of their revenue to fraud or theft each year. Whilst this can be expensive for a large institution, it can prove fatal for SMEs.” 

Our 5-Step Guide to Protect your Business from Fraud

1. ALWAYS be sceptical

Remember, fraud can come from anywhere; staff members, customers, suppliers as well as third parties. If a deal or opportunity sounds too good to be true, then it probably is.

At Geddes Capital, we have seen it all; fraudulent bank letters, doctored bank statements, falsified POPs and/or SWIFT notifications, Letters of Credit, and the list goes on. Here are some steps to help spot these sorts of fraudulent documents:

  • If you receive a bank letter from a third party, verify this directly with the bank. FnB, for example, provides a quick and easy service for this here.
  • If you receive PDF documents, use the necessary software to check to see if they have been altered. Although these methods are not able to eliminate fraud, being aware of what to look out for certainly helps to mitigate the risks.
  • Proof of payment slips are also often doctored. Nedbank, for example, offers incoming payment verifications here.

Sadly, it’s not about fraud elimination, the best we can do is fraud minimisation. These are the most challenging economic conditions of our time, and fraud can come from anywhere and anyone. Remember: Always, always verify!

2. Phishing Emails

We are all familiar with the aptly named ‘phishing’ emails. Most of us think we would be able to spot one immediately. Be warned, these are becoming more elaborate and sophisticated. Furthermore, as a business owner you may know what to look for, but do your employees?

So, what is phishing?

It is a cybercrime where scammers attempt to gather sensitive information and data from you. They will use multiple platforms, disguising themselves as your bank, a colleague, or a service provider such as PayPal or Microsoft.

The basic emails are always designed to look professional and legitimate. They will have the company logos and legitimate-looking links or attachments to click on. Once you click on these links or download an attachment, you will most likely be taken through to a fake website which can automatically install malware and viruses onto your device, allowing the hackers to steal your personal information or capture your username and passwords as you enter them. Scary stuff!


How to spot a ‘Phishing’ email:

  1. A bank, credit card company and most other professional service providers will NEVER contact you by email asking for personal information of any kind (even simple information such as your name or address). If you have a legitimate concern, contact your service provider directly before opening any such email.
  2. It is too good to be true! Our mantra for mitigating fraud risk is always to be sceptical. If you receive an email about an incredible offer for a holiday or a smartphone that seems too good to be true, then it probably is. If you genuinely are tempted, conduct an independent search for this deal to verify the authenticity of the email.
  3. Spelling and grammatical mistakes. Scammers have improved these easy-to-spot mistakes, however, if you do manage to spot one, the email may well have been sent by someone phishing.
  4. The subject line and email address of the sender. Always look at the email address of the sender to assess whether it is from a reasonable source.
  5. Urgency – the email stresses an immediate need for a response. This creates panic in the user and often results in them not considering the content and the possibility of the email being fraudulent.

3. Implement controls

Enforcing simple, easy-to-follow controls for you and your employees can hugely reduce the risk of being de-frauded:

  1. Ensure any online bank payments have multiple, internal approval steps across different departments and individuals. Segregation of duties and the effective management of this are vital.
  2. If you are paying a new beneficiary for the first time, call them directly and verify the bank details with a member of their accounts department. Remember, hackers can easily access email accounts thus allowing them to send you doctored invoices which may look the same but with a different account number.
  3. NEVER use public WiFi for business or banking-related activities. This increases the chances of criminals being able to view your confidential information. If you absolutely must use public Wifi, use a VPN.
  4. Ensure all devices used by employees are password protected. Many people still believe that regularly changing passwords will help to deter cybercrime. However, periodic password changes can have little or no positive impact on your company’s cybersecurity. Most password-based attacks have more to do with choosing weak password combinations. Ensure you and your employees use random passwords which will be harder to hack.
  5. Adapt and learn. Whatever your fraud prevention protocols are today, they will be obsolete tomorrow. It is important to stay up to date with new scams and mitigation techniques.

4. Educate employees to know what to look for

Perform regular anti-fraud training for employees. Not only will this effectively teach your employees what to look out for, but it sets a strong tone from management that fraud prevention is a crucial part of your company’s work culture.

5. Report Fraud!

If you don’t report fraud, you can’t fight it! Globally, it is estimated that nearly 85% of fraud and cybercrime goes unreported. According to the latest statistics released by the Southern African Fraud Prevention Service (SAFPS), South Africans have faced increased risk over the past year. Impersonation fraud has always been a significant risk in South Africa and cases have increased by a staggering 264% for the first five months of this year, SAFPS says. The impact of this is devastating for the economy and it has never been more crucial to ensure fraud is reported. The South African Fraud Prevention Service (SAFPS) exists to assist in the fight against fraud, through advice as well as a fraud victim registration platform which will assist applicants in preventing fraud. Click here: https://www.safps.org.za/

Those are our 5 steps to help you protect your business from fraud. If you found them helpful, let us know over on LinkedIn.

And remember, stay safe out there.

Need help? Let's chat!