Help protect your business from these 4 rising schemes
Business fraud is on the rise, and four types of schemes in particular are trending. As fraud continues to evolve and become increasingly sophisticated, it’s important to recognize the most pervasive types. To help protect your business and to help you and your employees identify these schemes, read the four common scenarios below, followed by fraud prevention tips.
Beware of these deceptive schemes
Scenario #1
- A fraudster sends phishing emails to employees of a mid-sized financial services company, masquerading as the IT department, and instructs them to scan a QR code to update their security settings. Several employees comply and are taken to a phishing site, where they enter their login credentials and sensitive information. The fraudster uses this data to gain unauthorized access to the company's internal systems and customer databases, resulting in a significant data breach and potential financial losses.
- This fraudulent activity was perpetrated through QR code fraud, also known as quishing.
Scenario #2
- A fraudster poses as a financial institution and contacts a business user to extract login credentials using social engineering. Using this information, the fraudster then contacts the business's financial institution, impersonates the business user and attempts to reset the business user's login credentials for their online banking services. Access is gained, and the fraudster submits ACH or wire transfers to accounts they control.
- This type of fraudulent activity is called double-sided spoofing.
Scenario #3
- A fraudster gathers personal information to convincingly impersonate the holder of a business user's cellular account. Then, they contact the cellular provider's customer service, claiming the SIM card is lost or damaged, and the provider transfers the phone number to the fraudster's SIM card. The fraudster may also exploit weaknesses in the provider's security procedures or use insider assistance to facilitate the transfer. Once the transfer is complete, the fraudster intercepts text messages and calls containing sensitive information, allowing them to compromise the business's online accounts.
- This type of fraudulent activity is called SIM swapping.
Scenario #4
- A fraudster sends an email to a business and poses as a merchant the business works with. The email contains new banking info or payment change instructions, such as a new bank and/or bank account number to which a requested payment should be remitted. The business then sends the funds, thinking the request came from their legitimate client.
- This type of fraudulent activity is called Business Email Compromise (BEC).
Tips to help protect your business and your employees
Follow these best practices to help protect your business from fraud:
- Regularly train employees across your organization on fraud tactics and how to report suspicious activities.
- Implement strong password policies (requiring 15 or more characters with a mix of upper- and lowercase letters, numbers, and symbols) and enable multifactor authentication (MFA) for all business accounts when conducting monetary transactions.
- Require all employees to use secure Wi-Fi connections and avoid public networks for sensitive transactions. Be sure to install and regularly update antivirus and anti-malware software on all devices.
- Monitor bank accounts and payments daily for suspicious or unauthorized activity. Conduct periodic audits to ensure compliance with security policies and procedures.
- Require employees to shred all documents containing sensitive information before disposal and implement strict security policies for accessing and storing sensitive data.
- Stay up to date on evolving security threats and prevention measures and share your learnings and educational resources with your employees.