Social Engineering is a growing risk that many organisations are facing, as fraudsters develop increasingly sophisticated methods to defraud companies. Typically, fraudsters pose as legitimate individuals, such as a company director or senior managers. Other approaches include imitating both a supplier and/or a customer that is known to the business. They then leverage the social status or business relationships of the individual to gain money or information from an unwitting victim.

It would take almost a miracle to eliminate the risk of such fraud. However, like anything, there are risk management controls that, if adopted consistently, can assist organisations in reducing their risk. Listed below are some examples of measures which can be introduced to reduce the chance of loss:

• Dual controls for all payment types – ensures processes are in place so that no one person controls payment or data-change procedures.
• Authentication of invoices prior to payment being made, including email and call-back confirmations.
• When any changes to supplier, employee or client details are requested, a consistent robust verification process is followed – this may include a phone call, written documentation or even a different format on the first payment change.
• Regular independent review of generation reports showing all changes.
• Maintain secure storage, release and/or dispose of all sensitive or confidential information which could be used by fraudsters.