Fraud can bring a thriving business to its knees depending on what information has been compromised. IT fraud can be particularly nasty as technology is often used to store a company’s most valuable and private data. It costs all kinds of businesses, big and small, millions every year. There are many types of IT fraud that we need to be aware of. The following are increasing in prevalence:
This happens when a fraudster pretends to be the CEO of a company and tricks an employee in to making a payment that might not normally be part of company procedures. They do this by sending an email using an account that will read almost identical to the one belonging to the CEO of a company, however, it may have a 0’’ instead of an ‘o’ or ‘a’ in there somewhere. However, as they are being told to do this by who they think is their superior then they are not likely to question the instruction . The account details entered are then compromised and can be used by the fraudsters.
This can be avoided by simply having a procedure in place which requires validation from the finance department as well as a confirmation email being sent to the CEO’s email to ensure that the request is legitimate.
This occurs when a cybercriminal contacts your company, acting as though they are one of your suppliers. They say that there is an invoice due (they will provide details, enough to make the callee think it is legitimate) and then ask for the details over the phone. This could also be done by email or a fake letter.
To avoid this, you can make sure to check with an account manager at your supplier. We would even recommend having two points of contact just to make sure. As well as this, check with your company’s finance department and check the invoices for any mistakes. There will NEVER be any grammatical or spelling errors on a legitimate invoice.
Fraudsters have been known to contact companies out of the blue posing as Microsoft, HMRC, your bank or even the police. They try to create a sense of urgency to convince you to transfer money to another account (one that they will use to steal the money).
Common phrases they may use include:
Genuine companies will never ever ask for you to move money to another account and they will never ask for your PIN or whole password in this manner.
The internet is a wonderful thing, but it can also be a dangerous place if you aren’t sure what you are doing. Here are a few tips to protect yourself and your company online:
There are plenty of ways that you can improve your security to minimise the risk of these IT fraudsters compromising your company data; not least by engaging with our services. However, if you are ever caught out by a fraudster you should report it immediately to ActionFraud. There, they will allow you to make a report, track the progress of your report, ask for information during the investigation and call to speak to you to discuss your report. It is available 24/7 so you don’t need to worry if you discover fraud outside of regular work hours. Click the link to view their website: https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime
We recommend that you make all the places where private data is stored as secure as possible. This can be done by simply using a complex password that can only be found in your company’s password manager and only allowing people to access the data who NEED access to it regularly. This can be controlled by the company’s management who can also grant access to others if they need it. There are plenty of ways that you can improve your security to minimise the risk of these IT fraudsters compromising your company data. If you have any questions on how you could increase your company’s security, please get in touch with us.