FRAUD HELP DESK

THE DUTCH NATIONAL ANTI-FRAUD HOTLINE

Something fishy?
Report fraud to us between 09.00 and 17.00 Monday to Friday
01 Mar 2017
Avoid identity theft and other business scams

Businesses are increasingly targeted by criminals who impersonate them for a wide array of identity fraud schemes. As an entrepreneur, you would do well to know exactly where these threats comes from, how they works and how to respond when scammers run off with your corporate identity.

 

BUSINESS IDENTITY THEFT IN THE NETHERLANDS – 2016 IN FIGURES


Almost
€ 1.5 m

 
Total company losses as a result of business identity theft as reported to Fraud Help Desk in 2016*

 
400

 

Reports involving this type of fraud came in to Fraud Help Desk in 2016.

 
75

 

Victims reported losing money in business scams last year.

*)These numbers include reports about both CEO impersonation fraud and corporate identity scams.

 

FIVE COMMON TYPES OF BUSINESS SCAMS

Click on the buttons for more information about each fraud type:


IMPERSONATING THE BUSINESS THROUGH EMAIL

 

It’s quite easy for scammers to send an email purporting to be from an existing company, particularly when this organisation doesn’t have strong online security in place. It can be very lucrative for fraudsters to impersonate a legitimate company: they can use a business identity to obtain information from other companies, send fake invoices or create fake emails that look look and sound authentic, and often contain graphics stolen from the company or organization from which the message claims to originate.

Fortunately, businesses can resort to various technologies to counter this type of fraud. These include Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC). People with limited technical knowledge many not find it very easy to set up SPF, DKIM and DMARC. They may want to enlist the help of their IT supplier.

ONLINE SHOPPING FRAUD

 

It’s been a very attractive money-earner for fraudsters for many years: setting up an e-commerce website, wait for people to order products and make an advance payment and never deliver those products. Legitimate Dutch companies have seen their identities stolen in recent years. are also abused. In August 2015, a series of similar fraud reports prompted Fraud Help Desk to assess a sample of ‘Dutch’ companies selling dairy products on the giant Chinese sales website Alibaba.com. It was found that almost 30 percent of these ‘Dutch’ companies were fake. The names of these companies had been used without authorisation by third parties engaging in fraudulent practices.

Our advice
It’s virtually impossible to stop scammers setting up shop on Alibaba.com under your name. The only thing you can do is act quickly when you spot

You do have to respond well to fast when you are there receive signals here. Contact the trading site and assign them to the fake profile. It is also wise to place a message on your site where your warns against abuse of your name. Also, set an automatic search via Google that the Internet is scoured in your name. This can help detect abuse early.

Read more: Unauthorised use of Dutch brand names on Alibaba.com

CEO IMPERSONATION SCAMS

 

CEO impersonation scams come in many variations. Criminals often send an email purporting to be from the Chief Executive Officer or Chief Financial Officer to their finance staff requesting that a large payment to be made to a third party abroad. In some cases, the team are told that they can verify the data by calling a lawyer. This ‘law firm’ is part of the scam.

Fraudsters can achieve the impersonation by tracking down the email accounts of the CEO and the finance staff member, who often works with an associated company or international subsidiary. This person will not know the CEO personally. The distance between them is such that the finance staff member does not dare to double-check the payment request. Sometimes, the scammers put them under tremendous time pressure.

In another variant, the scammers pose as IT suppliers who say they would like to carry out a test money transfer. This is in fact a real transfer. It also happens that fraudsters send letters informing admin staff about a new bank account for future payments. Of course, this account is held by the con artists.

Our advice
This is how you can help protect your business from CEO impersonation fraud:

• Make your staff aware of this type of fraud. Tell them never to transfer large sums of money on the basis of a telephone call or email.
• Impress upon your staff the importance of keeping to agreed working arrangements..
• Implement checking procedures for regular transfers of large sums of money.
• Be extra vigilant when large payments are requested, particularly if the money needs to be wired to a foreign account.
• Always check substantial payment requests with your direct supervisor, who would actually be the most logical person to make such requests.

INVOICE FRAUD

 

This type of scam is all about fake invoices. Criminals intercept genuine invoices from suppliers and then change the bank details on the invoice to an account under their control. Recipients unwittingly pay money to the wrong bank account.

Lees verder: Vier manieren waarop oplichters frauderen met uw facturen

Our advice
This is how you can reduce the risk of falling victim to invoice fraud:

• Always contact your point of contact with the company whose bank account details have been changed. Call the number in your contact list, not the one given on the invoice.
• Check whether new points of contact are really working for the company. Again, call your regular contact, using the contact details that you have on file.
• Make one person within your organization responsible for any changes to bank account information and make sure that this person is aware of the risks involved.
• When responding to emails from your customers or suppliers, never click ‘Reply’; select the recipient’s account from your contact list instead.
• Protect your email server adequately and use an antivirus system. Tell your staff to change their login details regularly and use “strong” passwords.
• Limit access to the server which has your billing software on it. Make designated staff aware of the dangers of virus attacks.
• If you have received a paper invoice, please ask for a digital version so that you can compare it with the paper bill.
• Check the document before you pay the bill. Look closely at the bank account number on it. Is there any Tipp-Ex, or a stamp or a sticker on the bill? If so, please contact the sender to verify both the invoice and the bank account details.
• Check here whether a suspicious invoice has been reported to Fraud Help Desk.

BUSINESS IDENTITY THEFT

 

In some cases, scammers go to great lengths in their attempts to deceive others. They delve into the structure of a company and use this information when they approach others. Often they present themselves as a legitimate organization to extort money from third parties. These scams are less direct than e-commerce sales fraud.

Here are some recent examples:

Scammers pose as the senior figure in a Dutch company and contact American lawyers with the request to prepare a sales contract. Read more.

An angry Frenchman recently appeared on the doorstep of an Alkmaar-based company, demanding delivery of a large consignment of soft drinks he had ordered. The Dutch company knows nothing of the order.  Read more.

 

An Amsterdam-based estate agency reports to Fraud Help Desk that a counterfeit website has been launched under its name. Read more.

Our advice
It’s not easy to prevent scammers from setting up shop on Alibaba.com using the name of your company. Act quickly when you receive any signals of scammer webshops with your name. Contact the main sales website and alert them to the fake profile. It is also wise to publish a message on your website informing visitors that your business ID has been stolen. Create an automatic Google alert so that you are notified immediately when new results for your company name show up in Google Search. This can help you detect identity theft at an early stage.