Health & Safety

Health & Safety

Health & Safety

Fraud Awareness

1st December, 2023

by

An important message from Colin Jones, UK Security Manager

You will all be aware cyber enabled crime remains (and is always likely to remain) one of the highest security threats to our business. On this subject, unfortunately, I need to draw a series of frauds and attempted frauds to colleagues attention, each of which have taken place in recent weeks.

Whilst there is a variety of different modus operandi used, each offence was cyber enabled and there are common strands of learning.

There are several opportunities and actions we can take to minimise the threat. For customer facing colleagues in particular, I would encourage you to consider the following:

  • Where a fraud or attempted fraud comes to light any associated telephone numbers (landline and mobile) and email addresses should be blocked from our systems. Colleagues can initiate this process in liaison with myself, John Sweeting or IT.
  • It is important to promptly share across our business strands the details of any fraud. Two of the recent frauds were perpetrated against different supply strands within our business. The offences have commonalities which suggest the same offenders. Had we acted promptly to share the details the second offence would have been headed off easily. We can protect ourselves more effectively by communicating outside of our natural operating silos; please ensure you share details of frauds and attempts ASAP.
  • The MOs used demonstrate a degree of social engineering, with some prior knowledge of our business accounts and procedures, and in particular a tendency on the offender’s part to attempt to rush or bully his way through the call. Sales facing staff should maintain their professionalism throughout their call handling. Never volunteer account information and routinely always follow our procedures; they are there for yours and the organisations protection.
  • Staff should be aware of the checks and balances built into our processes and discouraged from cutting corners. Specific advice includes:
    • Take your time to handle the call, do not be rushed.
    • Always carefully check email addresses. Hover above the address and ensure the link reverts to the address as it appears.
    • Any email address ending in common/generic domains such as Hotmail, Live, Gmail, Protonmail etc may give early warning to a potential fraud. Most of our accounts relate to corporate email addresses. Those that do not, should be carefully considered.
    • Take heed of the CAUTION advice, built into outlook. The advice is intended to provide early warning of a potential issue.

  • Transactions that require a PO. Please remember… ‘No PO.… No order!’
  • Check back with ordering company via landline to confirm prices, timings and contract arrangements. Do not be rushed over the phone. This is particularly important, and again, may be a trigger issue indicating a potential fraud. Our customers are unlikely to have issue with a thorough and efficient ordering experience. In fact, in the case of a potential fraud, the offenders MO may be the result of a data issue within the genuine customers organisation. We know from experience our genuine business partners are very grateful when we are able to help them identify offences and offenders.
  • Callers uncertain of their facts (email address, contact details, PO number, credit card details.… even their name) should be handled carefully. Insist on the details and do not be fobbed off: “My email address isn’t working”.… is not acceptable and be particularly cautious of anyone who hesitates to provide or recall their name!
  • Orders via credit card need extra caution. Take only the detail the caller can provide, do not prompt or assist the caller from existing records. No more than two attempts should be accepted.
  • IF IN DOUBT ADVISE THE CUSTOMER YOU WILL CALL THEM BACK AND CONSULT YOUR SUPERVISOR.

The list above is not exhaustive, and is intended to help you navigate through the potential threat of cyber enabled attempts at fraud. Maintain a calm approach and trust your gut instincts.… they are usually right.

Your Safe Cyber Top 10 stickers and poster

As part of our ongoing Secure Workplace Project we have produced a sticker for every Cemex UK laptop, sharing our Top 10 Safe Cyber tips – see image. If you are a laptop user, on receiving your sticker please affix it to the left or right of the touchpad, to remind you every time you use your laptop.

We have also produced a poster with the same top 10 tips – you can find it on the UK News download page: here

Please share on all workplace notice boards.

Sound workplace security is a team game! Our security is in your hands.