Scam attempts directed at companies are becoming increasingly skillful

Technology | 29.01.2024

by Janne Blomqvist

Many Finns have themselves been scammed, or at the very least they know somebody whose credit card number has been leaked or whose online marketplace purchase went awry. Scammers target companies as well, and scams are especially numerous in the summertime. Here Janne Blomqvist, a specialist for Azets, an expert of corporate, talks about the signs that should raise suspicion, and gives tips on how to best protect your company against scammers.

Scams are often committed by international criminals whose operations are very professional. Therefore, the means that the scammers use are constantly becoming harder and harder to detect. However, certain signs often remain, and advanced technology can also help to protect us against scams.

Summer is the peak season for scammers because many companies are staffed by temps and summer workers who are assumed to be inexperienced and therefore more likely to fall for a scam.

“Companies with international activities are at the highest risk. They order items from abroad, for e.g., which means that receiving invoices from abroad is normal for them.  If a company only operates in Finland, then naturally they will not pay an invoice from abroad by mistake”, Blomqvist says.

When should the alarm bells start ringing?

“As a rule, you should not approve payment requests made via email, at least not without critical analysis.  Email accounts can be hijacked, and scammers can also create email accounts that very closely resemble real ones, and then use those accounts to send the fraudulent payment requests. Even though an email invoice appears to have come from a familiar company and from a person you know, you should always at least call them and verify that they really sent the invoice”, says Blomqvist.

One should be especially alert when there is something with the invoice that differs from usual procedures, for e.g., if the sender of the invoice says that they need to send the invoice via email because it is urgent, or asks you to pay the invoice to an unfamiliar bank account.

“It is typical that they ask for payment very quickly. The criminals try to get their money out of the SEPA area as quickly as possible. When a supplier’s bank account number changes, you must always verify the matter in a reliable way”, he says.

“In Finland the banks are very particular when it comes to opening new bank accounts, but unfortunately this is not the case everywhere. If the criminals manage to get the scammed money outside of the SEPA area, it is usually impossible to recover”, he continues.

Even if their domain name ends in .fi, or even if they have a Finnish phone number, it does not mean you are safe.

“You should always read email addresses and URLs very carefully. For e.g., just recently a scam website ending in .fi that contained the name of a well-known bank was found. Luckily, it was closed down quickly with the help of Traficom's National Cyber Security Centre”, Blomqvist says.

Read also Protect your business from scams

How to avoid getting scammed

  1. Make sure that you have really ordered the invoiced product or service.
  2. Prevent dangerous job combinations. A person who has the authority to approve payments should never be able to also change bank account numbers, for example. This means that fooling just one person is never enough.
  3. You should always stick to regular procedures. A scammer often invokes urgency, authority, exceptional circumstances or the fact that it’s just that one individual invoice. Exceptionally large invoices should always be verified with a call.
  4. Ensure that the people who are responsible for approving payments are thoroughly familiar with the monetary transactions of the company and know which payments should be scrutinised more thoroughly. Despite their position, the CEO might not be the best possible person to approve payments.
  5. Ensure that data systems and email accounts are well protected with two-factor authentication, and that all data transfers are secured.
  6. Avoiding manual payments entirely is hardly possible. One must be especially careful with these, and always have at least four eyes look at them.
  7. Utilise solutions enabled by automation. Accounting firms might employ AI solutions that identify scam messages and, once observed, block them for all of their clients.

We invite you to reach out to us at your earliest convenience. Our team of experts is eager to assist you in establishing seamless and dependable accounting, payroll, legal, and HR services for your business in Finland.

Connect with us

Yes, please handle my request. I agree that Azets receives and stores my contact information in accordance with the Privacy Statement.

Yes, I  would like Azets to send me relevant information on email based on my interests. I can unsubscribe at any time.

post author

About Janne Blomqvist

Director, Financial services, and Member of Board