Keeping business safe online
Each year, thousands of businesses report being victims of fraud. The actual number of businesses that suffer is likely to be much higher, but it often goes unreported as businesses like to save face and maintain a reputation. A business can lose thousands or even hundreds of thousands of pounds as a result of fraud.
Businesses are an obvious target to fraudsters as there is usually a large amount of money on offer; generally speaking, it’s far more profitable to target a business than an individual. That being said, it’s usually an individual within the business that unwittingly causes a leak and allows fraud to take place, either by falling for scams or not taking the necessary precautions
We’re going to discuss some of the typical ways that fraudsters may attempt to defraud your business, and what you can do to safeguard against them.
Phishing emails are becoming more and more difficult to detect; they’re looking more legitimate and more accurate than ever before, and therefore more dangerous. They pretend to be our bank, or government agencies (like HMRC), or trusted companies that we deal with (like Apple, for example) in order to gain our trust and lower our guards. They then may ask us to open an attachment or click a link or enter personal information, perhaps under the guise of confirming details they already have. The attachments often contain malware which can infect your computer and gather information about you without your knowledge or the forms they ask you to fill in will directly feed them your personal information.
An email may seem to come from a director or executive in the company, usually to the accounts team, asking for a fast payment to be made to a supplier or partner. Fraudsters sending these emails usually do their research and send them when the director or executive in question is out of the office, thus making it hard to verify its authenticity.
Sometimes fraudsters may contact your company via email, letter, or even phone call, asking you to change payment details for a regular payment or transaction you make. The intention here is to have these regular payments diverted to a fraudulent bank account, with the hope that regular or common payments aren’t as scrutinised by a company as new or exceptional payments.
Vishing Phone Calls
Vishing (or ‘voice phishing’) is a new trend that has been adopted by fraudsters. A fraudster may call you purporting to be your bank, the police, or even a tech company (like Google), saying that there is a problem that requires your immediate action. They will try and fluster you and manipulate you giving away personal details in the process, such as passwords to accounts or bank details. They may well do their research on the company they’re impersonating, your history with them, and even social media activity of yours to seem more informed and therefore more legitimate.
Remote Working Issues
Unsecured Wi-Fi networks are always a security risk. Mostly so for public networks but even an unsecured home networks poses a threat and opens you up to being spied on by those looking to defraud you. Even someone simply looking over your shoulder while you’re working in a coffee shop can lead to personal information being gathered. And as a general rule, never leave your device unattended. (You’re almost asking for it!)
In The Office
It may not be nice to be suspicious of colleagues, but colleagues you don’t know could pose a security threat to you and your data at work. The same goes for any contractors, tradesmen, or even clients coming in for meetings. Always check ID and be sure of who you’re allowing into your workspace. Keep your computer locked while you’re away from your desk and be vigilant generally. Oh, and don’t leave your password on a post-it on the computer screen! (We know some of you have done it!)
In today’s digital world, complacency can be fatal for your business. Our general advice for protecting yourself from these attempts at fraud is the be wary, take precautions, and if you’re unsure, ask someone you trust. Better yet, contact the company you’ve received an email or phone call from separately (i.e. do not reply to the email or call the same number back) to verify whether the suspicious email or call was actually from them.