Jan:Feb 2017 Credit Management magazine

ASK THE EXPERTS
UNMASKING
FRAUD
David Thornley FCICM provides his expert view and advice on
how to prevent fraud and cyber crime.
IN the olden days, thieves wore masks; they
assailed their victims using the threat of
violence; perhaps they would force entry into
property and make off with ill-gotten gains. But
in doing so, they would invariably assume the risk
of discovery, capture and imprisonment. There is no
such thing as an honest thief, but at least back then,
the threat was clear, identifiable and for the most
part, preventable.
Nowadays, however, thieves operate from
behind a phalanx of technology which affords them
distance and anonymity from their victims. For this
reason, most of us assume that the thieves (let us not
call them ‘fraudsters’, for thieves is what they are)
will always be one step ahead, always sheltered,
always out of reach. Moreover, a street mugger or
a house burglar can perform no more than one or
two attempted robberies on a given day, but the
technology the modern cyber-thief utilises affords
him or her the opportunity to launch potentially
thousands of simultaneous attacks; most of which
yield nothing but a few will.
For these reasons, cyber-theft is particularly
insidious and particularly scary. It seems that in
every hour of every day our security, our finances,
our peace of mind and our very way of life is
under threat and we have neither the know-how
nor the equipment to do anything about it. This
threat of course extends to our places of work,
which in turn impacts on our livelihoods, and as
credit professionals, it surely falls within our remit
to protect our companies from such attacks to the
fullest extent of our abilities.
This is not easy. Threats come from a variety
of sources and in numerous guises. Recently, one
of our overseas customers received an email,
purporting to be from me, which asked him to pay
his next remittance to a different bank account.
The customer – who I have known for many years,
and with whom I am on cordial terms – was uneasy
about the tone and phrasing of the email and
accordingly called me for confirmation. Disaster
averted, but it sent alarm bells ringing and
caused me to launch an investigation to see if any
other customers had been emailed with similar
instructions. Thankfully none had. The matter was
reported to the bank and the authorities, but as I
write, I have no information as to the outcome.
The instance I have just described is a fairly
crude attempt at eliciting a theft and one which
sensible precautions should prevent, but other,
less obvious threats are harder to detect. The lastminute
instruction to change a delivery address for
example; or a customer sending in a ‘new driver’ to
collect an order; or indeed a large, out of the blue
enquiry from a potential customer. All these may
be harmless and quite valid, but equally may well
represent an attempt to defraud.
My advice when encountering these, or one of
any number of other, scenarios would be to take the
time to check it out as thoroughly as possible, using
every resource at your disposal. Be cautious, but
not paranoid and insist that your company installs
procedures to allow the breadth and scope to
conduct the necessary checks.
Finally, I urge you all to ‘skill up’; talk to experts
on prevention, the police, or the banks. Read
articles, take advice and increase awareness. The
thief may be one step ahead, but it is incumbent
upon all of us in the profession to do all we can to
narrow the gap.
The recognised standard
www.cicm.com January / February 2017 19