Protect Your Business: 5 Common Fraud Scenarios to Watch Out for in 2024
CanadianSME Small Business Magazine
Empowering Canadian Small and Medium Enterprises
March is Fraud Prevention Month, making this an ideal time to take a moment and get familiar with today’s trends in fraud.
More and more businesses have invested in fraud prevention technology to help protect their data, their employees and their customers from cyber threats. However, companies remain vulnerable thanks to a common weak point – their people.
Although your defenses today may be stronger than ever, modern cyberattacks against businesses use an element of social engineering to gain a foothold. In other words, they tap into the vulnerabilities of the people working with or for your business to steal money, data or both. After all, people are busy and typically eager to please – and may respond to an email without giving too much thought to who sent it, why they’re asking for something slightly unusual or whether the link is safe to click.
That’s why it’s important for employees to be aware of some of the common ways they could be tricked into giving up a piece of information that would be useful to a cyber-criminal.
“In this era where cybercriminals increasingly target the human psyche through sophisticated social engineering tactics, technology can fortify your defenses but it’s the vigilance and awareness instilled in your employees that serve as your human firewall and your frontline of defense. You can invest in the most advanced technology available, but without adequately trained staff, your defenses remain vulnerable to exploitation.” – Michael Argast, Co-founder and CEO of Kobalt.io
Here are five fraudulent social engineering tactics that target businesses:
CEO Imitation Fraud
In this type of fraud, a scammer hacks into the email of an owner, CEO or other high-ranking executive and sends a fake email to an employee requesting that a financial transaction be made. Typically, they will ask to change the routing information for an account or make an out-of-the-ordinary deposit or transfer.
Because the fraudster has been monitoring email activity, they know when the executive is out of town and that the request can’t be verified face-to-face. By the time the executive returns, the money has been sent to a fraudster’s account and is gone.
Payments Fraud
Payments fraud happens when a fraudster pretends to be a client of the business and calls in to change payment details. Clever fraudsters who have done their research will know when key employees are out for lunch and the person covering the phones isn’t as familiar with clients or procedures. Once payment details are changed, subsequent payments will get directed to the fraudster’s account, instead of the vendor’s.
Cheque Fraud
While cheque use has been declining over recent years, many Canadian businesses continue to use cheques – in fact, Canadian banks still process over 1 billion cheques annually.
Cheque fraud can take a few different shapes, but the most common instances involve the theft of cheques, the creation of counterfeit cheques or changing the name or amount on a legitimate cheque. Cheque fraud can also be an inside job – without robust processes in place, employees can steal company funds by intercepting, forging or altering a cheque.
Bank Impersonation
If someone calls claiming to be from your bank, the natural tendency of an employee is to answer their questions, right? This behaviour is something fraudsters count on in a bank impersonation scam. This is when someone calls claiming to be from your bank or merchant’s fraud department and asks for a token value or secret SMS code that’s about to be sent. In reality, the caller is a fraudster who has access to company credentials or credit cards and is trying to trick an employee into giving up a two-factor authentication code so they can steal funds or make a purchase.
Overpayment scam
In this scam, a fraudster will first engage a company and request a quote for services. Once the quote is sent, they will pay for the service up front.
The catch is, the cheque is made out for more than the invoice amount. The fraudster then contacts the company and advises of the overpayment and requests that the excess funds be returned. The employee, being helpful, accommodates the request and sends the money before the company detects the original cheque is fraudulent.
How to protect your company
With each of these scams, your employees, vendors or partners could be unwitting targets that help fraudsters trick you out of valuable property. Educating your employees about fraud types and tactics is therefore a crucial step to keeping your company safe.
Here’s what you can do to reduce the vulnerabilities that can lead to fraud:
Proactively educate your employees
Train your staff to detect phishing, smishing and other messaging lures. Training should be ongoing to keep employees informed and to remind them that they always need to be vigilant. For example, Kobalt.io offers a user education program that includes cybersecurity awareness training as well as phishing simulations to keep your team alert and up-to-date on the latest scams.
Install processes that protect staff
The right processes can help stop fraud before it happens. For instance:
Support employees with the right technology
Ongoing investment into your company’s cyber security is essential to protect your business. Just as important, however, is regular training, education and process updates to ensure your employees become an extra layer of defense against fraud.
This article was originally published on RBC’s My Money Matters blog.