Fraud is the most commonly experienced crime in the UK, and it costs the UK many billions of pounds every year. The impact of fraud and related crime can be devastating for businesses, but today we will let you know about the most common fraud and scams we see so you can avoid them much more easily.
We will talk about phishing a lot below, so to start we will define what phishing is.
What is Phishing?
Phishing is the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers or other valuable information.
Let's take a look at the top scams affecting companies below.
Change of bank details scam
This scam can start with either your own account being phished or a supplier / customer of yours being phished, which gives the scammer visibility into your email conversations.
Scammers can use phishing emails to pilfer login information, and if the recipient falls for it, that can give the scammer a way in to monitor your emails by taking control of a user account. Once they do that, they may watch for an invoice being received or sent. Then they will spoof the email address of the sending company and create an identical invoice but with the scammer's “new bank details” on it.
If you receive any change of bank details or you are paying an account for the first time, always telephone your customer / supplier using the telephone number you have for them and not the telephone number on the email to double check and confirm the bank details with them. This will prevent you from paying an opportunist scammer who has recently intercepted and changed bank details and other information. It only takes a few minutes but it can save you thousands of pounds!
Unpaid Invoice / Confirm bank details scam
It’s quite common to get an email supposedly from PayPal or other financial institutions to say there is a problem with your account and you risk your account being closed. A typical example of this is an Amazon or Netflix email saying they will close your account if you don’t confirm your bank details. If you ever get this type of email and struggle to tell if it’s real, just close the email and go to the website manually via your browser. Never click links in these types of emails, as they will likely take you to a fraudulent website which looks identical to the official website.
Gift card scam
We saw lots of this scam on the internet at Christmas. It is especially prevalent at that time of year as it makes it easier for scammers to execute. The scam basically starts with someone imitating a CEO or Managing Director on services like WhatsApp, and they send a message to one of the employees who has their phone number on the company website. The scammer will start up a conversation asking the employee to go to the shop and buy some popular gift cards, like Google Play or Apple gift cards, to give to the employees as presents for all their hard work. The scammer will then make an excuse and ask for the codes to be emailed to him/her as they would not be around to collect them. Once the scammer has the codes, they can sell them online in exchange for real cash.
Social engineering scams
Employees should always be wary when taking calls and never assume the person on the end of the phone is who they say they are unless, of course, they have spoken to them previously and know them.
Scammers can trick staff into handing over confidential or sensitive information, such as passwords or bank information. It often starts with a phishing email, social media contact, or a phone call that seems to come from a trusted source, such as a supervisor or other senior employee, but creates urgency or fear. Scammers may ask employees to send money or provide access to sensitive company information. Other emails may look like routine password update requests or other automated messages but are actually attempts to steal information. Scammers also can use malware to lock organizations’ files and hold them for ransom.
Remember: If you get a random call or email from ourselves and you don’t recognise the support technician, give us a call on the number on our website and we will be able to confirm or deny who’s calling.
General issues to be aware of
There are a lot of spam emails going around that ask you to log in to your email account, and they might have a Login button. Never use those emails to log in to your email account. Always use the official website or app that you’ve always previously used. Always be wary of clicking links in an email.
The common theme that runs through the scams above is “social engineering”, which is basically convincing someone that you are someone you’re not. If a scammer can convince you that they are someone else or some other official company, then they don’t need any special hacking skills at that point, as they may receive the information they need from you / your business / your employees.
Best way to prevent scams?
Become alert to any change of payment information, any request for information which sounds strange, or any request which is out of the ordinary, especially those which are time critical. Don’t click links in emails that you were not expecting, and get a second opinion from your IT company or IT representative at your company. Check the from address on the email to make sure it’s exactly the correct email address if it comes from someone you may know. For example, if you receive an email from email@example.com and then you get an email from firstname.lastname@example.org requesting a change of bank details or something, then you can be sure there’s something fishy going on!
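The from-address check described above can be done mechanically. The following is an added example, not part of the original article: a short Python script that compares a message's From and Reply-To headers against an address book of senders you already know. The contact list, domains and sample messages are constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: senders you have genuinely dealt with before.
KNOWN_CONTACTS = {"accounts@acme-supplies.example": "Acme Supplies Accounts"}

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()

def check_sender(raw_email, known=KNOWN_CONTACTS, threshold=0.85):
    """Return warnings about the From / Reply-To headers of a raw message."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    warnings = []
    if addr not in known:
        # Same display name as a real contact, but a different address.
        if name.lower() in {n.lower() for n in known.values()}:
            warnings.append("NAME_REUSED: display name matches a known contact")
        # Domain that is close to, but not exactly, a known domain.
        for good in sorted({domain_of(k) for k in known}):
            score = SequenceMatcher(None, domain_of(addr), good).ratio()
            if domain_of(addr) != good and score >= threshold:
                warnings.append(f"LOOKALIKE_DOMAIN: {domain_of(addr)} vs {good}")
        if not warnings:
            warnings.append("UNKNOWN_SENDER: address not seen before")
    # Replies silently diverted to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(addr):
        warnings.append(f"REPLY_TO_MISMATCH: replies go to {domain_of(reply_to)}")
    return warnings

# Constructed sample messages ("suppIies" uses a capital I in place of l).
SPOOFED = (
    'From: "Acme Supplies Accounts" <accounts@acme-suppIies.example>\n'
    "Reply-To: payments@mailbox.example\n"
    "Subject: Updated bank details for invoice\n\nPlease use our new account.\n"
)
GENUINE = (
    'From: "Acme Supplies Accounts" <accounts@acme-supplies.example>\n'
    "Subject: Invoice\n\nInvoice attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_sender(raw))
```

An empty result only means the headers match a known contact; because a genuine account can itself be taken over, any change of bank details should still be confirmed by telephone.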
If you need us to check any messages or would like any further advice or consultancy on this please get in touch.