Any business, regardless of size, can become a target for fraud. Learn to recognize the main schemes that are used and adopt secure behaviours to protect your business.
1. Phishing
Phishing is a scheme in which fraudsters send emails or text messages that appear to be legitimate. The goal is to get you to act impulsively by clicking a link or opening a file. Fraudsters can then install malware on your device and ultimately steal your personal information.
2. Ransomware
Ransomware is malicious software that can replace phishing and is used to hijack your company’s data. The cybercriminal asks for a ransom to restore your data. “Ransomware can have severe impacts including core business downtime, permanent data loss, intellectual property theft, privacy breaches, reputational damage and expensive recovery costs.”1
3. Impersonation fraud
After hacking the inbox of your company’s CEO, the fraudster contacts an employee who is authorized to make international transfers. Using the CEO’s email, the fraudster asks that money be transferred to a foreign account under the pretext of an emergency or a major acquisition. A series of exchanges follows, in which the employee is told to keep the request secret.
Fake supplier scam
After hacking into the email account of one of your regular suppliers, the fraudster asks that payments intended for that supplier be sent to a new bank account. The fraudster (fake supplier) asks you to change the banking information. The payments are never made to your real supplier.
Fake technician scam
A computer “technician” contacts you by phone. They claim they need to update software, or clean or fix your computer, for example. To convince you, the “technician” says your software version is obsolete (or corrupted) and that soon you’ll no longer be able to use it. The “technician” then asks for remote access to your computer to do an “update.” In reality, the fraudster wants to access your computer to do a “sweep” to collect your ID and passwords. Once they have your personal information, they’ll be able to perform fund transfers.
4. Overpayment scam
One of your “customers” sends a cheque for more than the amount needed to pay for goods or services. They then ask to be reimbursed for the overpayment. It is later discovered that the cheque was fraudulent. The goods and services are lost, along with the amount refunded.
Don’t get scammed! Prevent the risk of fraud
1. Be vigilant
Regardless of the situation, whenever something seems fishy or unusual, report the problem and make the necessary inquiries.
2. Provide training to staff
All staff must be made aware of fraud schemes. They must also be trained on current procedures.
3. Ensure that transactions with your suppliers and clients are secure
Check any change in your suppliers’ banking information by contacting them at the phone numbers already on file.
4. Check the origin of text messages or emails
Was the email expected or solicited? Never provide personal information by email or text.
5. Set up a strict procedure for transfers
The procedure must be in writing and known only by the employees concerned.
6. Choose a strong password
A password that does not meet certain criteria can be cracked by hackers in a matter of minutes. A password manager is also much more secure than an Excel document or a sticky note.
To learn more, check out the tools in the cybersecurity awareness kit.