Out-Law News 2 min. read

UK Finance report shows persisting risk in invoice and CEO fraud for businesses


Invoice and CEO scams remain some of the main financial fraud risks businesses face, despite a drop in overall fraud losses in 2022 compared to the previous year, according to a report by UK Finance.

The annual fraud report by the financial services sector trade body showed that businesses continue to encounter a high level of these particular types of fraud, even though the total number of financial fraud cases and total value of losses have both decreased year-on-year.

Financial crime investigation expert Hinesh Shah of Pinsent Masons said the report is a reminder that businesses need to have robust fraud prevention measures.

“The report shows that, over the last year, businesses remain a prime target for scammers in invoice and CEO fraud, with losses totalling millions of pounds and growing year on year. This highlights the importance of implementing robust fraud prevention measures, such as multi-factor authentication and staff training, to protect against increasingly complex forms of fraudulent activity,” he said.

According to the report, in 2022, there were 6,729 cases in which businesses fell victim to an authorised push payment (APP) scam, where a criminal typically tricks individuals and businesses through deception and impersonation into sending money directly to an account controlled by the criminal. Although the case number declined slightly by 4% compared to 7,032 cases recorded in 2021, the value of payments identified as fraudulent stayed the same, at around £77 million.

The most frequent types of APP fraud in a business context are invoice and mandate fraud and CEO fraud. Around 44.8%, or £34.5m, of the fraudulent payments were due to invoice and mandate scams, such as when fraudsters target businesses by posing as suppliers and claiming that the payment bank account details have changed.

Another 16.8% of the £77m total was a result of CEO fraud, where the scammer manages to impersonate the CEO or other high-ranking official of the victim’s organisation to convince individuals – typically finance employees or secretaries – to make an urgent payment to the scammer’s account. The total value of CEO scams increased by 11% from £11.6m in 2021 to £12.9m in 2022, but the total number of cases dipped by 4%, from 396 to 382.

The report also showed that remote banking fraud, which can occur through internet banking, telephone banking and mobile banking, continues to be a major threat to businesses. Shah explained that this is because fraudsters are using increasingly sophisticated methods to exploit vulnerabilities in online banking systems.

“Businesses must ensure they have adequate security measures in place to protect their sensitive financial information and transactions, including regular software updates and strong password policies. Additionally, it is recommended to adopt additional validation checks to verify the identity of users,” suggested Shah.

In general, this year’s report demonstrated an overall reduction in financial fraud. The total amount stolen through fraud in 2022 was £1.2 billion, an 8% reduction from 2021. The total number of confirmed fraud cases fell by 4% to 2.99 million in 2022.

Payment card fraud accounted for the largest share, 45%, of the total financial fraud losses last year, while APP scams came second with 40%. Within APP scams, purchase scams accounted for 57% of all reported APP frauds. About 78% of APP frauds started online but the losses tend to be relatively small from these frauds, accounting for 36% of losses. In contrast, only 18% of APP frauds originated via telecoms but they account for 44% of losses.

Civil fraud expert Andrew Barns-Graham of Pinsent Masons said: “It’s important to bear in mind that these reports only record frauds which have been detected and reported. The real figures are difficult estimate but will inevitably much higher.”

“It is absolutely essential that businesses take self-help measures to protect themselves and their stakeholders against fraud. When they nevertheless fall prey to fraud, businesses should of course consider reporting the matter to the police, but they need to be realistic about the ability of the police to resource complex fraud investigations. More often than not, a fraud victim’s best chance of recovering their losses is to take matters into their own hands and pursue litigation in the civil courts,” he said.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.