Cybercriminals are increasingly turning their attention to small and medium-sized enterprises, including farms, because they know people running these businesses often live and work in isolation and are probably an easier target than larger companies, which may have more security in place.
Farmers need to be especially vigilant towards the end of the year, as scammers know that is when BPS payments begin to arrive.
How big is the problem?
There are no figures available for the total cost of such crimes to the agricultural sector – partly because many people are too embarrassed to admit they have become a victim. Banks are also reluctant to say how much their farming customers have lost to fraud.
However, there have been cases where individual farmers have been swindled out of tens of thousands of pounds, putting extreme pressure on their personal and business finances.
The Office for National Statistics (ONS) says people are more likely to fall victim to fraud or cyber offences than any other crime.
How likely are you to get your money back?
Criminals are using a fast-changing range of approaches to steal from farmers.
Some look for data which they can either sell or use themselves to commit a further crime – such as raiding the farm’s bank accounts, setting up a fake website to mimic that of another business or redirecting payments to suppliers.
Others may try to commit extortion by blocking the computer systems of a business, demanding payments in return for unlocking the data.
In the case of crimes where people are tricked into buying items of machinery that do not exist or have been misrepresented, there is often little prospect of being able to recover the money.
Where payments are fraudulently made without customers’ authorisation, banks are generally obliged to refund what has been taken.
In cases where victims are conned into authorising bank payments because they believe the fraudster is genuine, banks have often fallen back on the defence that customers have acted with “gross negligence” – which would mean they’re not liable for the money their customer has lost.
However, from the end of May 2019 a new voluntary scheme has been introduced which could make it easier for victims to claim reimbursement.
Banks which sign up to the code will reimburse money to the victims of scams where they have been tricked into authorising payments, if the customer can demonstrate that they took reasonable care and that the bank has failed to live up to its responsibilities.
Insurance against cybercrimes is available to farmers and this can cover a range of losses resulting from an attack.
Types of fraud
There are several common types of scams:
Banking deception
This is when someone is manipulated into transferring money from their own bank account to one belonging to a scammer.
Criminals will often use phone calls or texts to impersonate a trusted organisation such as a bank, a government agency such as HMRC, a utility company or an agricultural contractor, using information gleaned from phishing emails or texts to help them appear genuine.
The criminal often claims that there has been suspicious activity on an account, that a refund is owed or that account details need to be “updated” or “verified” and that the customer must act quickly.
In some instances, the criminal’s aim is to get enough stolen information to allow them to access a bank account and make an unauthorised payment.
In others the goal is to trick the victim into authorising a payment to them, in the belief that they are dealing with a genuine caller.
Invoice scams
In an invoice scam, a farmer attempts to pay an invoice to a legitimate payee, but the scammer intervenes to convince the victim to redirect the payment to their own account.
This type of scam often involves the interception of emails, with the criminal subsequently posing as the supplier, mimicking very closely the genuine supplier’s invoices and emails. They seek payment and send the customer an email informing them that the bank account to which the payment should be made has changed.
Criminals who specialise in invoice fraud often know when regular payments are due and so the emails will appear to be genuine.
Shopping fraud
This is when farmers fall victim to fraud when buying or selling machinery, tools or other supplies online.
This scam can involve fraudsters creating fake websites, using business details and photographs based on real farms or genuine companies selling machinery but which do not have an online presence.
The websites are then used to advertise non-existent tractors and equipment for sale at bargain prices – luring in victims who pay hefty deposits for farm machinery that doesn’t exist.
Malware fraud
This involves the use of software that has been made or used by a fraudster to ensure that your computer, laptop, tablet or mobile phone doesn’t work as it’s supposed to.
In some cases, it collects information or data saved on your device, and passes it on, and in others it allows a criminal to hijack your device and hold your data to ransom unless a payment is made.
There’s also potential for malware to be used to allow criminals or activists to hack into systems such as cameras in livestock housing.
A common example of a malware scam is where the caller claims to be from the help desk of a well-known IT firm, such as Microsoft. They may claim that your computer has a virus and will ask you to download “anti-virus software” to deal with it.
Experts’ tips on how to avoid falling victim
Farmers Weekly asked Action Fraud, the UK’s national reporting centre for fraud and cybercrime; Financial Fraud Action UK (FFA UK), an organisation representing the banks and payments industry; the NFU and NFU Mutual for their top tips on avoiding becoming a victim of fraud.
- Have up-to-date antivirus software in place on your computer systems, ensure firewalls are switched on, and apply software patches or updates as quickly as possible. Criminals use weaknesses in software to attack devices and steal information.
- If you outsource your IT services, don’t assume those businesses will be active in preventing cybercrime – check what their remit covers.
- Have a strong, separate password on your email account as criminals can use email as an entry point to access other accounts, for example those used for online shopping.
- Be careful what information you share externally. Fraudsters can use snippets from social media posts to gain knowledge of a person’s circumstances which helps them sound more convincing.
- Control who has access to systems and ensure they are trained on how to prevent cybercrime. Providing authorised access to every member of staff could be problematic if some aren’t properly trained on issues such as phishing.
- If someone emails or phones asking for a supplier’s bank account details to be changed, always verify with that supplier separately, on the phone or in person, using the contact details you have on file. Criminals can access or alter emails to make them look genuine. They can also falsify caller IDs so a call may appear genuine when it isn’t.
- If you are making a payment to an account for the first time, transfer a small sum first and then confirm with the company, using known contact details, that the payment has been received and the account details are correct.
- Always treat phone calls and emails claiming to be from your bank or other financial organisations with suspicion. Do not click on any links in an unexpected email or text, and respond by calling back using a published number such as the one found on the back of your bank card or on their website. Scammers can keep the phone line open, so if they suggest you hang up and call them back to check their authenticity, the line may still be connected to the criminal. Ideally use another phone line to make your checks.
- A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Nor would they try to force you to make an on-the-spot financial transaction or transfer.
- Have the confidence to refuse unusual requests for personal or financial information. It’s easy to feel embarrassed when faced with unexpected or complex conversations. But it’s okay to stop the discussion if you do not feel in control of it.
- If you’re presented with an unusual request or pop-up during an online banking session asking you to enter security information, close the session and check with your bank’s online banking help desk.
- When buying online remember that if a deal seems too good to be true, it probably is.
- Authorised payments via bank transfer offer you no protection if you become a victim of fraud. Use an online payment option such as PayPal, which helps to protect you, but make sure it is a genuine link. Do not send confidential personal or financial information by email.
- If you are selling, be wary of accepting payment by cheque, as even though it may clear, you are still unprotected if the cheque is forged or stolen. Never accept a cheque for a higher amount and refund the difference. This is a common fraud that only comes to light when the buyer’s cheque turns out to be stolen or forged.
What do farmers who have been caught out advise?
Farmers who have fallen victim to the scammers warn how convincing the people they dealt with were and highlight the elaborate lengths to which scammers will go to convince people they are genuine.
For example, in 2018 a farmer from Lancashire was targeted by bank scammers who told him that money had been transferred from his account and that he should transfer the rest into a higher security account.
At this point, the farmer said he wanted to verify everything with his own bank manager.
The caller said he would do that on the customer’s behalf and asked for the bank manager’s name and telephone number.
A while later he received a phone call that appeared to be from his bank manager’s number, and it was only because the female voice on the other end of the phone sounded nothing like his bank manager that he realised there was an issue.
Meanwhile, two farmers were scammed out of tens of thousands of pounds after paying for machines they had found online using what they thought was a secure PayPal transaction, but which they later discovered was a fake link.
Their cases highlight the importance of physically seeing machinery or equipment before putting down a deposit.
Sources of help and advice
Contact your bank straight away if you think you may have fallen victim to an invoice or banking scam.
Cases of fraud should be reported to Action Fraud using its online reporting tool or by telephone on 0300 123 2040.
Action Fraud reports are passed to the National Fraud Intelligence Bureau (NFIB) which assesses, analyses and sends them to police forces for investigation.
The government’s Cyber Essentials website is an online resource that gives simple advice to help secure your systems and devices.
How scam-aware are you?
You can test your awareness of some common scams by taking an online test devised by Financial Fraud Action UK.