Fighting Info Fraudsters

7th September 2021

Fraud can bring a thriving business to its knees depending on what information has been compromised. IT fraud can be particularly nasty as technology is often used to store a company’s most valuable and private data. It costs all kinds of businesses, big and small, millions every year. There are many types of IT fraud that we need to be aware of. The following are increasing in prevalence:

CEO Fraud:

This happens when a fraudster pretends to be the CEO of a company and tricks an employee into making a payment that might not normally be part of company procedures. They do this by sending an email from an account whose address reads almost identically to the one belonging to the CEO, except that it may have a ‘0’ instead of an ‘o’ or ‘a’ in there somewhere. Because the employee is being told to do this by who they think is their superior, they are not likely to question the instruction. The account details entered are then compromised and can be used by the fraudsters.

This can be avoided by simply having a procedure in place which requires validation from the finance department as well as a confirmation email being sent to the CEO’s email to ensure that the request is legitimate.

Invoice Fraud:

This occurs when a cybercriminal contacts your company, acting as though they are one of your suppliers. They say that there is an invoice due (they will provide details, enough to make the callee think it is legitimate) and then ask for the details over the phone. This could also be done by email or a fake letter.

To avoid this, you can make sure to check with an account manager at your supplier. We would even recommend having two points of contact just to make sure. As well as this, check with your company’s finance department and check the invoices for any mistakes. There will NEVER be any grammatical or spelling errors on a legitimate invoice.

Impersonation Scams:

Fraudsters have been known to contact companies out of the blue posing as Microsoft, HMRC, your bank or even the police. They try to create a sense of urgency to convince you to transfer money to another account (one that they will use to steal the money).

Common phrases they may use include:

  • Fraud has been identified on your account, we need your password or PIN
  • You are due a refund, please provide your account details
  • Your internet broadband has been compromised
  • You need to download software, please click the link we have provided
  • (Posing as the police) Your bank is being investigated, here is a “safe” account for you to transfer your funds into

Genuine companies will never ever ask you to move money to another account, and they will never ask for your PIN or whole password in this manner.

Online Fraud:

The internet is a wonderful thing, but it can also be a dangerous place if you aren’t sure what you are doing. Here are a few tips to protect yourself and your company online:

  • Set up strong passwords for all your accounts, especially your online banking. Use a secure password management system to ensure passwords are managed securely, not repeated and changed regularly. See https://www.121it.co.uk/latest-news/service/office365-hybrid-cloud/ for more.
  • Try to avoid using a search engine or adverts to access your online banking. The bank’s own application will be far more secure.
  • If you search for your bank using a search engine you are far more likely to stumble across a fraud site that may look like your bank but isn’t.
  • Never allow anyone remote access to your device whilst you are using online banking.
  • If you are asked to download software by ANYONE before logging in to your bank, it’s a scam.
  • Keep your devices’ security and anti-virus software up to date. Keep the operating system software patched and updated.
  • Keep the personal information that you post on social media to a minimum.
  • Check your privacy settings regularly to ensure you are only sharing with people that you want to.

There are plenty of ways that you can improve your security to minimise the risk of these IT fraudsters compromising your company data; not least by engaging with our services. However, if you are ever caught out by a fraudster you should report it immediately to ActionFraud. There, they will allow you to make a report, track the progress of your report, ask for information during the investigation and call to speak to you to discuss your report. It is available 24/7 so you don’t need to worry if you discover fraud outside of regular work hours. Click the link to view their website: https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime

We recommend that you make all the places where private data is stored as secure as possible. This can be done by simply using a complex password that can only be found in your company’s password manager and only allowing access to the people who NEED it regularly. This can be controlled by the company’s management, who can also grant access to others if they need it. If you have any questions on how you could increase your company’s security, please get in touch with us.

Photo by Max Bender on Unsplash