Fraud and cyber crime – the scale of the threat: how criminals target businesses

Fraud and cyber crime continue to rise in scale and complexity, affecting both businesses and individuals across the UK. The most recent Crime Survey for England and Wales found that fraud and cyber crime now represents half of all crime, costing the UK economy an estimated £193 billion a year.

Over the coming months, this series of articles from City of London Police will cover some of the most common tactics criminals have been using to target businesses and what businesses can do to make themselves a harder target.

The most prevalent threat – Email and social media hacking

750 businesses reported their email or social media accounts hacked in the last year; that’s 45% of all cyber-dependent crime reported to Action Fraud in 2022. It’s not just large organisations that are targeted either: over 75% of the reports were made by small and medium-sized businesses.

Email and social media are increasingly the main channels of communication between a business and its customers, and any compromise of those channels could lead to significant financial, legal and reputational damage.

Analysis of crime reports reveals that the most common tactic criminals used to gain access to a business’s online accounts was to try and trick employees with the use of fake emails purporting to be from social media companies, such as Facebook. Employees received emails claiming that the business’s Facebook page needed to be “verified” and were instructed to proceed with the verification process using the link provided in the email. The links would invariably lead to genuine-looking login pages that were created to steal usernames and passwords. In some cases, businesses used the same password for their email and social media accounts, which meant that criminals could compromise multiple accounts using one stolen password.

How to protect your business’s email and social media accounts

There are some simple and practical steps that every business can take to protect their accounts.

Step 1: Ensure that your email accounts are protected using a strong password that isn’t being used for any other online account. Combining 3 random words that each mean something to you is a great way to create a password that is easy to remember but hard to crack.

Do not use words that can be guessed (like your pet’s name). You can include numbers and symbols if needed. For example, “Hippo!PizzaRocket1”.

Step 2: Enable 2-Step Verification for your email and social media accounts. 2-Step Verification (2SV) gives you twice the protection so even if cyber criminals have your password, they can’t access your email. 2SV works by asking for more information to prove your identity. For example, getting a code sent to your phone when you sign in using a new device or change settings such as your password.

For more information on how to enable 2SV on your accounts, please see this handy guide from the National Cyber Security Centre at www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online

Reporting fraud and cyber crime

If you or your business have fallen victim to fraud or cyber crime, you should report it to: www.actionfraud.police.uk, or by calling 0300 123 2040.

If you are a business, charity or other organisation which is currently suffering a live cyber attack (in progress), please call 0300 123 2040 immediately.

Specialist advisors are available 24 hours a day, 7 days a week.