Fraud against companies – what you need to know

Fraudsters try to trick people into doing something they do not actually want to do. The scenario that they choose for this is intended to affect the potential victim emotionally or attract their interest. The aim is to establish a feeling of closeness and create a false sense of security. Perpetrators gather information in advance about a company's structure or the personal interests of a potential target. This is often done using freely available information (for example on a company's website or through social media). The target person is then confronted with a tailor-made scenario. This approach is called social engineering.


Perpetrators take advantage of the hierarchical structure of a company and create a certain pressure to act. For example, they assume the identity of a superior and ask an employee to disclose sensitive information or transfer money on his or her behalf.

Time pressure

The victims are told that they have to act quickly or under time pressure.


The victims are promised a prize or a surprise in return for opening the file or clicking on the link.


The victims are threatened with consequences if they do not comply with the request. Incorrect information is for example used to coax victims into clicking on a link to correct it.


The subject presented appeals to the victims emotionally. The victims for example want to help someone.

Companies are lucrative targets for fraudsters. Compared to private individuals, larger sums can usually be obtained in one hit. This is why the attackers spend more time on these attacks and they are more targeted and professional than those against private individuals. They concentrate their attacks on company finance departments.

The NCSC has identified the following types of fraud against companies as being particularly common:

Last modification 16.02.2021

Top of page