10 February 2023 5 minute read

How to protect your business against financial cybercrime

Fraud can seriously impact a business's financial health. Learn how to spot the signs of online financial crime and protect your cross-border payments.
How to protect your business against financial cybercrime

Technology has revolutionised how we spend, send, and secure our money. Whether buying a morning coffee or making multi-million-dollar business deals, we all benefit from payment innovation.

Capital now moves faster than ever before, and despite increased safeguarding and robust data protection laws, businesses have never been more at risk of fraud, particularly online.

This article will explore the world of financial cybercrime and how it can impact your business. By learning how to identify online scams, you will be able to confidently send, receive, and exchange international payments whilst giving fraudsters a run for their money.

What are cybercrimes and online payment scams?

In simple terms, cybercrime is any criminal activity that happens through online or digital means. Financial crime, through payment scams, is the most common type of cybercrime committed globally.

Online fraud can vary massively in scale, but the motivation is always the same – financial gain. Fraudsters are notoriously imaginative when developing scams and continually seek for new ways to trick business owners into handing over their hard-earned money.

However, knowing how to spot the most common financial cybercrimes will go a long way in helping to protect your business. Let's get started:

Phishing, smishing, vishing, and quishing

Phishing is one of the oldest and simplest online scams. It occurs when people or businesses are tricked into sharing sensitive information such as bank details, passwords, or credit card numbers.

In most all cases, phishing attacks happen via links sent in emails, SMS, or social media, with an attacker fraudulently using the cover of a recognised business, such as a bank, to convince the victim that the message is legitimate.

Five ways to spot a phishing scam

1. The message is sent from a public email domain

One of the clearest signs of a fake email is a ‘business’ using a public service such as Google or Outlook. For example, all emails sent by 3S Money will be delivered from '@3s.money'.

2. The domain name is misspelt

An obvious spelling mistake in an email address is a serious red flag. However, hackers aren’t stupid, and an intentional error can be hidden in plain sight. An email from ‘@microsfrtfonline.com’ can easily be misinterpreted as ‘@microsoftonline.com’. 

3. The email contains errors

There’s an unspoken expectation that business emails should be addressed correctly and contain little to no errors.

An email should be considered suspicious if it contains repeated grammatical errors, spelling mistakes, and missing words. If you suspect an email is fake, report it to your domain provider. If required, you can attempt to contact the sender through an alternative means of communication.

4. The email contains suspicious attachments or links

The use of buttons and links is now commonplace in emails, and it’s easy to click without thinking. Taking a moment to double-check a link’s destination can help reduce risk. To do this on a computer, hover your mouse over the link. Press and hold down on the link on a mobile device, and a pop-up will appear.

5. The message creates a sense of urgency

Fraudsters rely on creating a sense of importance – ensuring you act as quickly as possible to work on their request. Take a moment to read an email more than once and consider the sender’s intentions. If you’re unsure, ask a colleague for a second opinion or try to contact the sender directly.

What is smishing?

Unlike phishing, smishing happens exclusively through SMS or other instant messages. Once a relatively unknown type of scam, the number of smishing attacks has multiplied in recent years. A perfect storm of unrestrained ecommerce growth, COVID-19 restrictions, and work-from-home protocols created the ideal opportunity for message-based fraud.

How to avoid a smishing scam

Avoiding smishing scams is difficult because we receive so many messages. However, there are a few steps you can take to reduce risk and keep your information safe:

  1. Don’t reply or interact with a text from an unrecognised number.
     

  2. Report and delete spam messages.
     

  3. Always use a secure and encrypted messaging service.
     

  4. Avoid publicly sharing your mobile number.
     

  5. Never make payments through mobile links or messaging platform

What is vishing?

Where smishing attacks happen via messages, Vishing occurs over the phone. ‘Vishers’ use fake phone numbers, voice-altering software, and deceptive conversation techniques to convince people to hand over sensitive information.

A typical example of a vishing attack is a fraudster calling a potential victim, pretending to be a representative from their bank. A typical story is that there’s a problem with authorising an account or a payment needs approving. The attacker’s aim is for the account holder to reveal their security information so they can hack their online banking apps or force a transfer of funds to a fraudulent account.

How to spot and avoid a vishing scam

Mobile phones have become integral to our personal and professional lives. We’re easier to contact than ever before, and fraudsters use this to their advantage. If you’re unsure of how to respond to a suspicious call, follow these basic steps: 

1. Don't pick up the phone

If you don’t recognise the number or you’re not expecting a call - simply let it go to voicemail. Listen to your messages and decide whether to call the person back.

2. Just hang up

Don't feel obliged to speak if you suspect a vishing phone call. Simply hang up and block the number. Trust us when we say that a potential scammer won’t be offended.

3. Don't press buttons or respond to prompts

If you receive an automated message that asks you to press buttons or respond to questions, don't engage. Harmful agents often use these tricks to identify potential targets for further automated calls. Your voice may also be recorded and used to pass a voice-automated phone security process linked to your bank account.

What is quishing?

Quishing is an online scam that uses QR codes as a gateway to information sharing. A business may encounter quishing through a QR code embedded in a legitimate-looking phishing email.

For example, a business receives an email impersonating their local tax authority regarding an overdue tax bill. The email instructs the business owner to scan an embedded QR to make the payment online. After scanning the QR code, the user enters their financial information on a fake website that looks legitimate. 

How to spot and avoid a quishing scam


As QR codes look like a random pattern of lines of squares, knowing how to spot a fake is difficult. With the popularity of QR codes only continuing to grow, there are three main things you can do to avoid being duped:
  1. Only scan a QR code if you trust the source/sender of an email.
     

  2. Avoid scanning public QR code stickers where possible.
     

  3. Check the URL that the code generates is correct before clicking.

The quicker a new payment technology develops, the faster fraudsters will be to utilise it. Financial institutions are growing more aware of QR code scams and are actively working to help prevent them. If you think you’ve been the victim of a QR code scam, contact your banking provider immediately.

Identity theft & impersonation scams

Impersonation scams happen when criminals impersonate trusted organisations to encourage victims to send money or disclose personal details. In reality, any business can become a victim of impersonation, however scammers like to ape big hitters such as banks, tax authorities, pension providers, and even the Police.

The tactics employed in impersonation scams tend to involve using email, SMS, social media or phone calls using cloned IDs and contact details. These details help to convince the recipient that the communication is legitimate.

How to spot an impersonation scam

1. Identification

You receive an unexpected call, text, email, or social media message with an urgent request for your personal or financial information or to make a payment.

2. Urgency

You’re asked to act immediately with the claim that ‘your money is at risk’ or ‘your account will be blocked’ if you don’t comply.

3. Action

The caller asks you to transfer money to another account for ‘safe-keeping’ or to buy goods. 

When scaling a business internationally, keeping track of all your contacts can be difficult. Selectively choosing the payment partners and service providers your company works with can help eliminate impersonation fraud. Every 3S Money account comes with a dedicated Client Manager - an international payments expert who’ll give you peace of mind when you need it most. 

Authorised Push Payments

Authorised push payment (APP) scams force people to transfer money to fake accounts, as quickly as possible. These scams are commonplace when the speed of payment is in the sender’s interest.

International businesses are particularly vulnerable to APP fraud, as most global financial administration happens remotely. Fraudsters can use straightforward digital tricks to replicate invoices, orders of work, and other contractual documents that create a sense of payment urgency.

In some circumstances, this can even result in legitimate account details being updated to those of criminal actors, meaning they get paid instead of the intended recipient. 

How to protect your business from authorised push payment fraud

Maintaining good administrative practices and staying vigilant can go a long way to keeping your and your customers’ details safe. If something doesn’t look, sound, or feel right – always err on caution.

  1. Only make payments through recognised payment providers.
     

  2. Never make a payment to an unrecognised person or entity.
     

  3. Regularly review who has access to your business accounts.
     

  4. If you feel pressured to make a payment – don’t make it.
     

  5. Keep a record of business contacts and only communicate with them directly.

Payment interceptions

Payment interceptions, also known as ‘man in the middle’ scams, occur when bank details are changed, and money lands in a different account. This type of scam takes place through hacked or impersonated emails.

A criminal will impersonate a business or individual you regularly transact with and request that you update their payment details. This can mean that well-intentioned transfers end up in the pockets of fraudsters, your details are compromised, and your suppliers aren’t being paid.

If you're asked to update or change payment details, always:

  1. If you believe you recognise the sender, contact them to confirm if their request is legitimate.
     

  2. Review all communications for grammar, spelling, and punctuation errors.
     

  3. Don’t open any links or attachments, or scan QR codes within a suspicious email. 

Chargeback fraud and purchase scams

Purchase scams happen when you pay for an item that never arrives or a service that isn’t delivered. This is one of the most common financial fraud types and impacts every industry.

Chargeback fraud, also known as friendly fraud, happens when a ‘customer’ purchases an item with a debit or credit card and then disputes the charge with their bank. Their aim is receive a refund and keep the item for free. So-called ‘cyber-shoplifting’ makes up 80% of all global chargeback requests and will cost merchants $117.5 billion by 2023.

How to protect your business against chargeback and purchase fraud

1. Use robust payment verification methods

Working with innovative payment partners will give you peace of mind that every card or online payment is made securely.

2. Remind customers of recurring payments

Send your customers a notification email to remind them of any upcoming payments. Friendly chargeback fraud can easily occur when a previously authorised payment is forgotten and noticed later.

3. Use clear transaction descriptions

A legitimate purchase can be mistaken as fraudulent if a customer doesn’t recognise the name that appears on their bank statement.

How to protect your business from online financial crime

Cybercrime is now part of everyday life for modern businesses. That’s why bolstering your company’s defences has never been more critical. Using common sense and innovative technology helps combat any of the threats covered in this article.

1. Always think before you click

With the internet seeping into more and more elements of our daily lives, it’s understandable that complacency can creep in. Vigilance and an up-to-date awareness of online fraud will keep you on your toes, allowing you to identify suspicious behaviour. We suggest following the National Cyber Security Centre for helpful tips and tricks to stay safe online.

2. Use strong passwords

A single password break can compromise every area of your business and we always recommend using a password protection platform.

3. Always check your account statement to check for unrecognised transactions.

Fraudsters aren’t stupid: online scams are designed to fly over your head. That’s why keeping an eye on account statements for fraudulent transactions can be a lifesaver. Consolidating your international business accounts can help streamline your transaction monitoring. 

4. If something is too good to be true, it probably is

This popular lesson for life is just as applicable to online security as anything else. Questioning unfamiliar orders and invoices should be your first port of call when suspicions arise. It’s always better to be safe than sorry.

5. Always verify a payee or recipient’s identity

Anonymity can be a massive benefit of the online space for various reasons. However, for businesses, allowing users to purchase products without verification isn’t one of them. Verifying the identity of a payee and recipient is vital as it severely reduces the opportunities for fraudulent authorised push payments to be successful.

How can 3S Money help keep your international payments safe?

3S Money's mission is to help every business level up their payment capabilities by providing access to fairer financial services solutions. We place security at the heart of every payment - giving our clients the peace of mind they need when scaling new markets.

Here are five reasons why opening a 3S Money account can help your business make international payments with confidence:

  1. A complete overview of every incoming and outgoing cross-border payment.
     

  2. 100% liquidity and money ringfenced with world-leading banks.
     

  3. Robust safeguarding and transaction monitoring procedures.
     

  4. A dedicated Client Manager assigned to your account.
     

  5. We are globally regulated to ensure we meet the highest standards.

We pride ourselves on providing a simple service without the jargon. Our international payment solutions are faster, safer, and more innovative that any high-street bank. We provide both small and large companies, wherever in the world they're based, the opportunity to make hassle-free payments in 65+ currencies and 190+ countries.

If you have any questions regarding our International Business Account or how 3S Money could help your business, our team is always here to help.

Enjoy this blog?  Share with your connections