With the consequences of a scam often going well beyond pure financial losses, it is essential that every colleague in your business knows how to spot the signs.
Businesses have always been highly attractive targets for fraudsters. Why? Money and data – both the company’s and that of their customers and supply chain partners.
That aside, the twin myths that “it will never happen to us” (the organisation) and “it doesn’t matter because it’s not my money” (the employee) – unfortunately persist widely.
Typical scam types
The latest sophisticated technology can play a huge role in safeguarding companies. However, this can count for nothing if your colleagues aren’t aware of commonplace techniques used by fraudsters.
Typically, they impersonate your company’s bank, a supplier, or even one of your own colleagues. Email is still easily the most prevalent means of initial attack on a company. However, phone calls, texts and direct messages are also used every day to lure the unsuspecting employee.
Vin Pandha, Commercial Fraud Manager at Lloyds Banking Group, comments, “Compromise of an email system is the method by which the vast majority of impersonation frauds in businesses occur. Fraudsters often ‘spoof’ email addresses to make them look like they have come from a genuine contact, or more commonly we are now seeing email systems being hacked into. Always double check a request that comes through by email using an alternative method of communication, as the email may not be as genuine as it seems.”
Advice
- Be on your guard for unexpected or irregular payment requests, whatever the amount involved.
- Always verify requests for changes to account details with the requesting organisation, using the phone number you know to be authentic.
- Always double check account details before you make a payment, and never reveal your passwords, confidential information or card reader codes.
- Remember: email is not a secure method of communication. Genuine email trails can be hacked, and payment details changed. If you receive an instruction via email, double check: make a phone call, ask in person or use some other trusted communication, but never use email to verify information.
- If a request for an irregular payment or amended payment details appears to come from a senior manager or other colleague, double check with them directly either in person or on a number you know is authentic. If they are not available and the request demands urgent action, check with another trusted senior colleague.
- Don’t overshare confidential information. Fraudsters can use a combination of seemingly harmless techniques such as calling to ask the name of a colleague, then checking their activities on LinkedIn or Facebook.
- Avoid clicking on links or attachments in unsolicited or unexpected emails. This could download spyware or other malware which can intercept data and transactions from devices or the entire company network.
- Encourage customers, partners and other stakeholders to follow similar good practice.
Lloyds Banking Group recently partnered with Get Safe Online to create an inspiring video to highlight some of the scams small business face online. See more at www.getsafeonline.org/fraudstars/
This article originally appeared in Business and Industry’s Financial Crime campaign.
Tony Neate, Chief Executive Officer, Get Safe Online