What types of Business Impersonation Fraud should you be aware of?

By The North West Cyber Resilience Centre

Did you know? 
Criminals stole £129.4 million through impersonation fraud in the first half of 2021, an increase of 123% (via UK Finance).

Cyber attacks in 2021 are much more frequent and more complex because they are enabled digitally. To stay secure against business impersonation fraud, it's important to educate your staff and make sure they verify payment details before paying invoices.

New figures from UK Finance show the number of impersonation scam cases has more than doubled in the first half of 2021, with criminals stealing £129.4 million through this type of fraud. In the same period last year, there were nearly 15,000 impersonation scam cases which led to £57.9 million being stolen.


CEO Fraud

This type of Business Impersonation Fraud is when attackers attempt to spoof or take control of a senior leader's email address.

Attackers will often send emails requesting that a payment be made urgently. Your staff should double-check the sort code, account number and amount(s) being requested to avoid falling victim to this type of fraud.

We recommend making your staff aware that they should get verbal confirmation of any payment request they receive from senior management.


Invoice Fraud

This type of Business Impersonation Fraud is when a cyber-attacker sends a fake invoice, hoping that it will slip into your inbox unnoticed and be paid without question.

Cybercriminals will often have spent time researching before sending the invoice to staff. They will look to send the request at periods when they have the maximum chance of success - busy payment periods (payroll weeks, end of tax year, Christmas).


What do you need to look out for?


  • Cyber-attackers often time impersonation scams during holidays (Summer, Christmas, Easter). They will step up their efforts when a key member of staff who would usually oversee invoices is away on holiday. Make sure staff are reminded of this type of attack during those periods.

  • If a client requests a change of payment details for long-standing invoices (especially via email), staff should confirm the account details with their known contact over the phone. For an extra layer of security, you should consider using a test payment to confirm that payment has been received.

  • Make sure all your staff who deal with invoices know this process! Embed this additional layer of training when onboarding new employees and check in periodically to keep staff aware of any additional changes to your processes.


Is it a genuine invoice or is it a fraudulent invoice?

  • Does the invoice show a change in details? (Account number and sort code)

  • Get senior staff approval on payment details before sending money for the first time to a new contact.
  • Always verbally confirm any change in payment details within your company.

  • Don’t be afraid to make a call to check up on an invoice. But use contact details you have stored on file or saved in your CRM system. Don’t trust the phone number if it’s different on the invoice - this could be fraudulent.


Worried about your staff? 

The Cyber Resilience Centre can deliver your staff security awareness training through a half-day session either online or in-person in your office. Our security awareness training session is interactive for attendees and builds upon key learnings through examples specific to your business and the industry you work in.

Ready to prepare your staff with security awareness training? Contact us today to learn more.
