Business email compromise (BEC) fraud attacks soared 58% over the past year, possibly affecting as many as half a million SMEs, according to new Lloyds Bank data.
The high street lender claimed that smaller UK firms are losing on average £27,000 per scam to impersonation fraudsters.
Law firms are most affected (19%), followed by HR, IT workers and finance companies.
However, the true scale of the challenge could be even greater, as one in 20 victims apparently hide their mistakes from colleagues for fear of being fired.
Half of respondents to the study claimed that scammers tried to impersonate the CEO, but even more (52%) posed as suppliers, highlighting the challenge facing organizations keen to shut down this growing risk.
The stats chime somewhat with recent figures from Barracuda Networks last week which revealed that the largest number of attacks focus on impersonating those outside of the C-level.
The new Lloyds bank figures are designed to come as part of an awareness raising exercise among small businesses with government-backed Get Safe Online.
“The most effective way to ward against these fraudsters is to double check the details. Verify any requests for amended payments to an organization directly using established contact details,” explained Get Safe Online CEO, Tony Neate. “If you’ve received a suspicious email, always check with the person you believe sent it by asking in person, phoning them or using a different trusted communication method."
Interestingly, the poll of 1500 SME workers revealed that millennials are most at risk of being targeted: 12% have been hit or know someone who has fallen victim to impersonation fraud.
According to FBI figures, scammers have now made over $12.5bn from BEC attacks since 2013. Attacks jumped 17% last year with nearly 89% of organizations polled by Proofpoint on the receiving end of at least one BEC scam.