
Main fraud schemes

May 2, 2024

Any business, regardless of its size, can become a target for fraud. Learn to recognize the most common schemes and adopt secure behaviours to protect your business.

1. Phishing

Phishing is a common tactic used by many scammers. They call people, contact them on social media or send emails or text messages that look legitimate. The goal is to get you to act impulsively and click a link, open a file or download a document. Once you click, the scammer can install malware on your device and ultimately obtain your personal or financial information. Plus, phishing can lead to other scams and cyberattacks. According to Cybereco,1 more than 90% of cyberattacks around the world start with a phishing email. 

2. Ransomware

Ransomware is malicious software often delivered via phishing attacks and is used to hijack your company’s data. The cybercriminal asks for a ransom to restore your data. According to the Canadian Centre of Cybersecurity, "Ransomware can have severe impacts including core business downtime, permanent data loss, intellectual property theft, privacy breaches, reputational damage and expensive recovery costs.2"

3. Impersonation fraud

Scammers often do a lot of research on your company and the CEO's habits. They usually wait until the CEO is on vacation or absent before putting their plan into action. Social media is a goldmine for con artists. Be careful about what you post online. Scammers can copy the visual and graphic identities of well-known companies and financial institutions you do business with. 

CEO fraud

CEO fraud, also known as "business email compromise," is a type of scam where scammers usually start by hacking into the CEO's account. Using the CEO's email address as a cover, the scammer contacts an employee of the organization who's authorized to carry out transactions, like an administrative assistant, procurement officer or accounts payable clerk, under the pretext of an emergency or a major acquisition. Sometimes it could be one of your business partners who gets hacked. A series of exchanges follows, with the scammer requiring secrecy on the part of the employee.

Fake supplier scam

After hacking into the email account of one of your regular suppliers, the scammer (fake supplier) asks you to change the supplier's banking information so that payments intended for that supplier are sent to a new bank account. The payments are never made to your real supplier.

Fake technician scam

A tech support agent contacts you by phone. They claim they need to update software or clean or fix your computer, for example. To convince you, the fake technician says your software version is obsolete (or corrupted) and that you'll soon lose access to it. Then, they ask to connect remotely to your computer to do an "update". The scammer actually wants to access your computer to perform a scan and collect your ID and passwords. Once they have your personal information, they’ll be able to perform fund transfers.

4. Overpayment scam

One of your "customers" sends a payment by cheque that exceeds what they owe for the goods or services they received. They then ask to be reimbursed for the overpayment. You later discover that the cheque was fraudulent. By then, you've lost the goods and services, along with the amount refunded.

Don’t get scammed! Prevent fraud

1. Be vigilant

If something doesn't look right, flag the problem and investigate further.

2. Educate and train your staff

Make your staff aware of fraud schemes. Train them on fraud risks. This should include showing them what to watch out for, which processes to follow and how to report suspicious situations. They also need training on current procedures.

3. Make sure transactions with your suppliers and clients are secure

Confirm any changes to supplier banking information verbally with a reliable source, using the phone numbers you have on file.

4. Check the origin of text messages or emails

Was the message or the call expected or solicited? Check the identity and legitimacy of the caller or sender. Don't click links or attachments from unknown senders. Whatever the case, never give out personal information.

5. Set up stringent procedures for transfers

Set up a clear process for payments and transfers, including transaction amount limits and approval levels. Inform authorized individuals of the risks and make sure they understand the procedures they need to follow. Document the procedure and only share it with the employees involved.

6. Use strong passwords

It can take a hacker a matter of minutes to crack a password that doesn't meet certain criteria. A password manager is also much more secure than an Excel document or a sticky note. Make sure your computer system is up to date and fully protected. 

To learn more, check out the tools in the cybersecurity awareness kit.