Recently, the Financial Ombudsman Service ordered a Positive Solutions adviser to pay more than £65,000 in compensation for failing to check a client’s request to have their investment withdrawn from an investment product and placed into a bank account unknown to the intermediary and provider.
It transpired that the client’s email account had been hacked and fraudsters had been impersonating the individual to obtain the six-figure sum.
Dave Millet, director at independent telecoms brokerage Equinox Business Consulting, said fraudsters were now becoming increasingly proficient in swindling business owners through telecommunications
But he added that employers could take a number of steps to mitigate the risks and ensure they did not become a victim.
“A number of suppliers offer fraud detection and indemnity – some for free and some at a charge,” Mr Millet said.
“However, it is important to read the detail to understand exactly what is covered and how it works. For example, is it a change in call volumes or calls to a certain destination? How much of the fraud is covered? Is it from the point of detection, all of it, or the excess above a certain level?”
He said the owners of small and medium-sized enterprises in particular needed to exercise caution when speaking over the phone to individuals claiming to represent their provider, and that bosses should simply hang up when in doubt, or bar calls from unknown numbers or numbers they have never seen before.
He added: “Always leave time between ending the call and you calling the number back. Hackers try to leave the line open for a few minutes so their accomplices can hack into the phone system.”
The next step, he said, requires company heads to ensure that employees are aware of the risks and how to mitigate them. This could include the implementation of security measures, such as passwords, or questions that are not easy to decipher on their accounts.
The fourth step centres on the advent of internet solutions such as voice over IP, which gives individuals access to anything relating to their phones from a corporate computer network.
Mr Millet said: “The best configuration is to have physically separate phone and data networks. No data should be able to traverse between the two networks without passing through a network security device.”
He added that setting up call bars on premium numbers and international numbers – unless required for normal business – could limit the impact if telecommunication systems were compromised.
Adviser view
Robert Wilcocks, chief executive at London-based Wilcocks & Wilcocks, said: “A lot of it is common sense really. We adopt a cautious approach with every telephone or email conversation we have.
“We use encrypted messaging systems to communicate with our clients. I can’t imagine it being impervious to hacking, but I would argue that it significantly reduces the risk of being hacked.”
