Is Your Start-Up Prepared to Combat Fraud? - Lessons from Five Real-Life Cases

Shared Journey with iFly.vc

Is Your Start-Up Prepared to Combat Fraud? - Lessons from Five Real-Life Cases

To many of us, fraud seems to happen only to other people in the news. Most people feel confident they can spot a fraud, such as a scam email from someone claiming to be a prince, requesting assistance to unlock a frozen bank account, and offering a generous bonus.

In reality, fraud can happen around us every day! In 2023, 80% of organizations experienced payment fraud attacks, marking a 15 percentage point increase from the previous year. In our circle of start-up friends, we have come across various cases, and we want to share a few with you.

Five Real-Life Cases

Case 1

The finance department of ABC Co, has been in email exchange with XYZ Co, a service provider. Someone on XYZ’s side replied to everyone on the email thread that they changed the bank account and would request the payment to be wired to the new account. Luckily, the ABC staff did not feel right and called the counterpart at XYZ to verify the change. Soon, they discovered someone had hacked the XYZ team’s email accounts and replaced their email “john@xyz.co” with “john@xyz.com”. 

Case 2

Similar to Case 1, an accountant of another company was deceived by an impersonator of her supervisor, whose email account was hacked, to wire a payment of over $200,000 to the new account of one of their vendors. Unfortunately, in this case, the accountant did not question the validity and wired the money. The money was gone for good.

—

Meanwhile, when a start-up focuses heavily on key metrics like product iteration and top-line growth, it may often neglect the rigor of internal financial controls. Fraudsters can exist both externally and internally, and internal fraud can be as bad as external fraud.

Case 3

An A/P personnel altered the invoice and paid a fake account that he owned. It was as simple as that. 

Case 4

A staff member of merchandise return at a company stole a number of items to sell them on second-hard marketplaces.

Case 5. A Personal Encounter

A while ago, an individual exhibiting a high level of sophistication approached one of our portfolio companies with questionable intentions. The man said he had tracked the company for a while and would be interested in investing. He spent a fair amount of time on the business with solid due diligence questions that any start-up would anticipate. He socialized with the co-investors and introduced potential vendors to the company. When I traveled to Dubai for business, the man showed up there and met me over breakfast. During the meeting, I was impressed with the depth of his questions. Meanwhile, the other co-investors hosted him and also thought highly of him.

The man offered to invest a sizable check and negotiated terms in a very professional manner. All the existing shareholders thought it would be reasonable and good for the company to take his investment. However, things quickly turned “strange”.

The man’s money never showed up after signing all the documents and initiating the wire. He was responsive and claimed the wire somehow got stuck, and his bank initiated a lengthy KYC process for him. He was apologetic and offered to send the money from his friend, whom he would borrow from, to meet the deadline. 

Meanwhile, the man told the company that he needed to borrow money to pay a few past-due bills because his account became inaccessible due to the ongoing KYC. The company’s founders felt it would be inappropriate to lend him the company’s money, but they felt empathetic for his situation and, therefore, gave him a significant personal loan.

Soon after, the company’s founders felt suspicious and immediately confronted the man in person. Apparently, the man did not expect the founders to react quickly, so he was caught off guard and returned the money on the spot.

With the amount of work the man put into his scam, we are sure his target would not be limited to a personal loan. We learned that many scammers lead their victims into psychological traps with many incremental steps, which appeared to be similar to what he had attempted. 

Although the company and its founders did not lose money, the situation was a big time sink for everyone. The company lost several months that could have been spent on more productive work.

We have shared the above cases with our portfolio companies, founders, and investors in our network. While focusing on growing the business, start-ups should remain vigilant against all types of fraud. Nobody is immune to these threats, which can severely impact a company’s financial health, operations, and reputation. So, how can start-ups protect themselves effectively?

Effective Measures To Fight Against Fraud

Fraud can manifest in many forms, both internal and external, as demonstrated by the cases above. Although these examples are not exhaustive, they highlight the kind of threats that start-ups might encounter. Even though these people can be caught and, in some cases, prosecuted, the process was painful for everyone. 60% of all fraud losses incurred by small businesses are never fully recovered. 

Gaining the awareness of these risks is the first step; now, let us explore some effective measures to protect your start-up and build a defense against fraud.

Strengthening Controls

Start-ups must prioritize establishing robust internal controls to mitigate the risk of both internal and external fraud. Implementing controls can help protect your financial assets and maintain operational integrity. Key measures include requiring multi-factor authentication for all email accounts and sensitive systems, instituting a policy for regularly changing passwords, and training employees on fraud awareness. Verification procedures for changes in payment instructions, such as direct phone calls, help confirm authenticity and present email spoofing and account compromises. Segregation of duties ensures that no single person has control over all aspects of a financial transaction, reducing the risk of internal fraud. 

Regular internal and external audits are essential to detect and prevent fraudulent activities. Implementing approval workflows that require multiple layers of authorization for significant transacts adds checks and balance to the process. Additionally, strong inventory controls, including regular audits and monitoring, prevent theft. These measures are examples of how start-ups can improve their defenses against fraud, and enhance overall operational security.

Verifying Credentials

When raising funds, it is important to qualify potential investors including verifying their credentials to avoid scams and fraudulent activities. Leverage your network for recommendations from trusted advisors, mentors, and peers, as personal referrals are often more reliable. Engage in startup events, pitch sessions, conferences, and networking events to meet potential investors in person, providing valuable insights into their character and intentions. 

Always conduct thorough due diligence by researching an investor’s background and previous investments. Request referrals from other founders they have supported to get a clearer picture of their experience and reliability. Pay attention to red flags, such as investors who are too eager to invest without thorough discussions or are hesitant to share information or references. Trust your instincts if something feels off!

Trust Your Intuition

Trust your intuition to navigate investor relationships and internal controls effectively. Avoid rushing decisions by thoroughly vetting potential investors and understanding their intentions, as hastily made decisions can lead to unfavorable outcomes for both investor relationships and internal controls. Be cautious of investors who pressure you into quick decisions or accepting unfavorable terms, as these tactics are often red flags for potential fraud. 

Intuition is crucial in managing operational aspects like inventory and financials, as well as identifying fraudulent emails or suspicious activities. If something looks off, question it and dig deeper to understand. Encourage open communication within your team, fostering an environment where members feel comfortable raising concerns and reporting suspicious activities. Intuition can often pick up on subtle cues that formal processes might miss, helping to protect your startup from individuals attempting to lead it astray and cause harm.

Final Thoughts

Start-ups must be vigilant and proactive in protecting themselves from fraud, whether it originates internally or externally. By implementing robust controls, thoroughly vetting potential investors, and trusting their intuition, start-ups can significantly reduce the risk of falling victim to fraud. Prioritizing these measures not only safeguards financial assets, but also reinforces a foundation of trust and integrity within the organization. Stay informed, stay prepared, and your start-up will be well-equipped to navigate and overcome these challenges.

---

Additional Resources

1. Investment Scams - FTC Consumer Advice

2. Email Spoofing - CyberNews

3. Email Compromise - National CyberSecurity Alliance

4. Fraud Prevention Check-Up - Association of Certified Fraud Examiners

5. 5 Ways to Track & Prevent Retail Employee Theft - Resolver

6. The Dark Side of Startups - Levent Bulusan

7. Fake Investors: How to Spot Scammers - SeedLegals 

8. Fraud Statistics

9. Small Business Fraud