
JPP Law Blog

Protecting your business against online fraud

Online fraud is now the most prevalent crime in England and Wales, affecting both individuals and businesses of all sizes to the tune of around £10 billion a year. The complexity with which cyber fraud can be carried out and the increasingly clever ways that criminals conceal themselves make the threat very difficult to manage.

Businesses of all sizes are vulnerable, with common weaknesses arising from poor password security, inadequate antivirus protection, vulnerable wireless networks, antiquated software, and a lack of up-to-date policies and staff training. But there are steps that you can take to protect your business, and it may be possible to recover losses if legal action is taken swiftly.

The consequences of your business being a victim of online fraud can be significant. As well as the obvious direct financial implications, including on your insurance premium, service or production may be interrupted, particularly where there has been an attack on your network.

Your business will also have to allocate time and resources to dealing with the recovery of assets and managing the expectations and concerns of clients. The reputation of your company may suffer, particularly if former or current employees are implicated in the fraudulent activity.

Three key areas to beware of are invoice fraud, phishing and cloning

Invoice fraud

Invoice fraud occurs where the fraudster creates and sends you an invoice that looks identical to that of a legitimate supplier. It may appear to come from a genuine email address.

You may also be vulnerable to telephone fraud where staff are tricked into revealing important bank account payment details. Employees are then duped into transferring money under false pretences.

With multiple requests for payment coming into a company, it can be easy for a fraudulent invoice to go unnoticed or for an accounts department to be deceived into providing financial information.


Phishing

Phishing emails are a means of fraudulently attempting to obtain sensitive information such as usernames, passwords and credit card details.

Fraudsters are constantly developing the use of email for criminal activity, including disguising emails as a reply to a previous email and asking the recipient to click a link. The link enables malware to be downloaded onto the recipient's computer, which can then be used to steal sensitive information.


Cloning

Another tactic is to clone your entire website to divert traffic from your business. This will have an effect on your financial viability and your reputation when customers start to complain that they have not received the goods or services which they ordered. Clients may also be misled into transferring money or providing sensitive information.

If you own the copyright in the design and content of your website, there is also the possibility that your company's intellectual property rights may have been infringed if someone reproduces your website without your permission.

Minimising the risks

The first step is to ensure that you have robust security protections in place. Installing and regularly updating antivirus software and firewalls is crucial, as is ensuring your wireless network is sufficiently secure.

Second, implement a robust password policy that requires staff to choose combinations of letters, characters and numbers, and put in place training on the dangers of opening phishing emails and the importance of verifying the authenticity of invoices.

Having adequate insurance cover against online fraud is vital, as is maintaining disaster recovery plans and procedures.

It is worth carrying out an audit of your systems and business practices to assess where your weaknesses may lie. For example, if you regularly have a low staff presence during holiday periods, consider taking steps to change this. Is your social media policy sufficiently strong to prevent the leakage of sensitive information? Consider also limiting the number of staff who have access to sensitive documents and restricting remote access to confidential files.  You should carry out regular monitoring of the internet to identify potential clones.

How your solicitor can help

If you discover that your business has been the victim of fraud, you should seek legal advice straight away. Acting quickly gives your solicitor the best chance of being able to trace and recover stolen money.

This may include asking a court for an injunction, called a freezing order, to prevent the funds from being dispersed around the world.  Recently, an important court ruling decided that worldwide freezing orders can be made even where the identities of the criminals are unknown.

Your solicitor can advise you on employment issues where an employee or director is involved in the fraud, and on reputation management to make sure your business is protected as far as possible.

The best way to protect your organisation is to put in place strong and effective measures to prevent online fraud. By considering the risks early and instilling a culture of awareness, you are already one step ahead.

For further advice on any of the issues raised in this article, or for commercial law advice more generally, please contact JPP Law on 020 3468 3064 or email
