Fraud: how to protect yourself, how to react?

Discover the procedure to follow

When it comes to fraud, no one is immune - 46% of organizations say they have been victims of fraud in the past 24 months (Global Economic Crime and Fraud Survey 2022, PwC). Cybercrime, asset misappropriation and accounting fraud are the main three sources of fraud, while the crisis has created new loopholes exploited by fraudsters. In 2021, for 1 in 3 victim companies, the damage suffered was more than €10,000 (Euler Hermès Study 2021, DFCG).

In this context, how should the company react?

 

The different types of fraud

First and foremost are external frauds, and among them are those related to cybercrime. While the Covid crisis has allowed an unprecedented development of telework, this phenomenon has gone hand in hand with an increased vulnerability of companies, particularly on the side of external fraud.

With identity theft as a technique favoured by cybercriminals, fraud against the President or supplier fraud remain major sources. Fraud related to emergency payments for the repatriation of employees or for the availability of equipment was widely used during the Covid 19 crisis. Indeed, the occurrence of a crisis is without context an accelerator of fraud - for example, more than 70 sites on surgical masks have since been closed by the French national gendarmerie.

Finally, ransomware (ransom demands, +41% in 2021 after cybermalice.gouv.fr) or phishing (phishing, +86% compared to 2020) are gaining in intensity from year to year and are becoming more complex.

The second type of fraud is that related to internal fraud, more specifically those related to asset misappropriation.

  • The first type of asset diversion concerns the outflow of cash. Cash outflow is synonymous with invoices, through the issuance of fake invoices or overbilling (when there is collusion between buyers and suppliers). While it is more natural to apply special vigilance in the review of the validation process for large-amount invoices via multiple approval channels, invoices with smaller amounts are often less controlled. But fraudsters have understood this well and it is on this aspect that greater vigilance on the part of accounting teams must be focused. Even if the amounts are small, the acts are numerous and the amount in fine may be significant.
  • Payments related to old orders but still open in the systems and not fully used: take the example of an order of 100,000 €, billed 95,000 € by the supplier. The fraudster will use this delta to charge up to €5,000 via a fraudulent RIB.
  • Pockets of latent profit, on old transactions: this is for example a client who would suddenly ask, a few years later, to issue a credit note. Vigilance must be special on these elements.

The third type of fraud is accounting fraud.

Until now, accounting fraud has consisted of embellishing financial statements. This type of fraud can be applied to companies in difficulty that seek to improve their financial status through fraud and thus escape bankruptcy. The other aspect of accounting fraud can on the contrary seek to voluntarily increase the balance sheet (especially during the troubled year in 2020 -2021) to ensure de facto better results the following year.

In times of crisis, intense activity, or structuring events such as mergers or restructuring, the internal threat tends to grow. Insider threats are a significant risk that should be monitored and measured with particular vigilance.

 

How to protect yourself? The triptych sensitize, control, audit

 

1- Raise awareness

Raising awareness among those likely to be the targets of these attacks, that is to say, staff who are able to act on financial transactions, is essential to limit the risks of fraud.

 2- Be able to control or maintain critical thinking skills

The personal human initiative (doubt, suspicion) is cited 80% as a device that allowed to thwart an attempt of fraud, before internal control procedures (48%) or IT security (41%) (Barometer Euler Hermès - DFCG, 2021), proof if it is true that the human being remains at the heart of the fight against fraud. However, data analysis is essential to feed the internal control system. The challenge lies in the recovery of relevant data, to analyze it in detail and identify fraud. Artificial intelligence can be an important asset of internal control in fraud detection. But when it comes to fraud, artificial intelligence only exists if human intelligence comes first.

 

3- Audit

By this term, we mean to look in detail at the financial statements of the company, and to make a critical review of what happened through an in-depth analysis of these data.

The fight against fraud raises the issue of traceability, involving an ability to go back in time to identify critical points, their sources, and the reasons for the occurrence of fraud. 

Apart from these essential recommendations, here are some important reflexes to apply to guard against fraud:

  1. Follow validation channels and segregation of duties principles.  This is to avoid the situation where a person has to make a payment decision without being able to talk to a responsible third party. Compliance with applicable rules and procedures, including during "abnormal" periods, is an indispensable bulwark in the fight against fraud.
  2. A change of RIB must imperatively involve a counter-appeal procedure. It is then a question of ensuring directly with the supplier, via his privileged and known contact, of the effective change of the RIB and not diligent by a fraudster.
  3. Keep a daily eye on your cash flow to identify as soon as possible an unexpected and suspicious cash outflow.
  4. Ensure accurate and daily monitoring of threats, which are by nature protean and evolutionary. In this context, it may be necessary to equip itself with monitoring tools, particularly on the cyber dimension or investigative tools to equip its internal control. PwC’s. Threat Watch tool collects, selects and analyzes qualified information, allowing you to keep a close eye on threats and protect yourself against them. Indeed, it is essential to be informed of the practices of fraudsters and it is strongly recommended to train, in particular to observe how internal control applies when a fraud occurs.

How to react? Report, file a complaint, sanction

Despite your vigilance, you are a victim of fraud. What to do when fraud is found and proven? The first step must be to file a complaint very quickly, providing the authorities with as much evidence as possible. In case of attempted fraud, platforms allow to issue reports as cybermalice.gouv.fr or internet-signalement.gouv.fr. For fraud to be punished, it must be reported.

In addition to filing complaints, it is essential to react quickly to limit the impact. The longer a fraud lasts, the more expensive it is.

When it comes to fraud, no one is spared, these misadventures do not only happen to others. Humility is therefore required. No privileged sector or target company size: the risk of fraud applies to everyone without exception. In this context, the fight against fraud must be ongoing. This is an old and moving subject, which adapts very quickly and requires increased vigilance and knowledge of all.