Business email compromise. Cheque fraud. Card-not-present scams and payroll spoofs. There are many different names for the many different methods being used, but their all the same issue: fraud.
The reality is that if you’re a business in Canada, you’re a target for bad actors bent on making a quick buck. Your size doesn’t matter. Your industry doesn’t matter. To a fraudster, every business is fair game.
In fact, according to the Canadian Federation for Independent Business (CFIB), one out of every five small businesses in Canada has been victimised by fraud, losing an average of $6,200 annually as recently as 20181
So should business owners just accept that one day they’ll be the target of – and likely the victim of – fraud? Absolutely not. While fraud attempts may be difficult to spot to the untrained eye, there are telltale signs that every CEO, CFO, manager and front-line employee can watch out for – and steps that they can take when they spot them – to keep their hard-earned money safe from scammers.
Here are a number of things to watch out for, and a number of considerations that can keep your business safe from the bad guys.
What to watch out for:
- Fraudsters use urgency to their advantage. Communications demanding you respond or act immediately are designed to make you make decisions without having the time to properly evaluate them. Take an extra moment and give an extra thought to how you’ll react and respond to the request.
- “Failure to respond will be detrimental to myself/sender”
- Fraudsters will try to pull at heartstrings to force action. Claiming they – or potentially YOU – will suffer consequences for inaction is one of the most common ways they will try to trick you into making a bad decision. Don’t fall for it.
- “Please update your payment information…”
- Last minute changes in wire instructions or recipient account information is a common sign that your payment may not end up in the proper destination. Make sure to confirm changes to payment information or locations with a trusted contact, via a trusted method (such as phone call or SMS) before making the change.
- “iTs bean a plezure doign bizness witth u”
- Scammers are very good at many things, but often spellcheck is not one. Watch out for poor spelling or obvious grammar mistakes in written correspondence, which could be an indicator that the sender is not who they appear to be.
- “New phone, who dis?”
- Sudden changes in established communication platforms or email could be a sign that the person on the other end of the line may not be who they say they are. Always confirm via a trusted and established communication method.
- “We’re going to need payment up front this time…”
- A sudden switch to advanced payment of services when not previously required is an easy sign that there may be a bad actor in the mix – and a near guarantee that the products or services being purchased will never arrive.
- “I know we usually do it this way, but this time…”
- Requests outside of standard processes (such as new payment terms, different payment methods) can be a sign that the recipient may be new as well. Confirm any new requests with a trusted source before actioning.
- “New message from your secret admirer…”
- Unknown senders can equal unknown risks. Always ensure that you are confident that you’re speaking with the person you believe you are, and confirm via a secondary method if you have any doubts.
- “Just click this link to….”
- An unexpected URL or attachment may include more than you’re bargaining for. Malware can be inserted into attachments that can compromise your systems, and URLs can be spoofed to send you to real-looking websites that may not be what they appear. Ensure to only click links or open files from trusted sources.
Knowledge is the best defence:
- Today’s word is “secured”
Hardware and software security are critical. Make sure to keep your systems up to date and review controls on a frequent basis.
- Keep a close eye on your cash:
Take precautions with any and all financial transactions. Implement internal controls, review them regularly and enforce them at all times.
- Feature-rich fraud prevention
Adopt and leverage products that prevent fraud. These can help to protect your accounts from unauthorized debits and checks.
- Is that really you?
Protect your information from social engineering. Safeguard your information whenever you’re online and wherever you’re online. Information found publicly from social networks and other online destinations is often used in fraud attempts.
- The more you know…
Stay informed and updated constantly, as fraud patterns change daily. Participate in industry webinars, review reconciliation and audit reports, and follow the news to keep on top of new methods and ways to counteract them.