December 29, 2016

6 Common Scams Every Workplace Should Know About

If internet scams aren’t on your radar, they should be. 

In the financial sector, a study by Financial Fraud Action (FFA) UK showed that a quarter of businesses have fallen victim to or disrupted a financial scam.

The most common victims of fraudsters in the study are senior management in small and medium-sized organizations (SMEs), and employees in large companies.

But almost 7 in 10 business leaders said they haven’t taken any action to protect their business and employees from this type of fraud.

Here are 6 common scams to watch for:

  1. CEO SPOOFING: Victims receive an email claiming to be from the CEO asking that they make an urgent payment outside of normal procedures – the money is inevitably stolen. An FBI alert reported a 270% increase in CEO scams since January 2015. How to spot: Emails are written in a different style than usual, and there is an uncommon payment request.  
  2. EMAIL SCAM: Phishing emails appear to be legitimate but are fraudulent messages that may lead to downloading viruses and/or attempt to collect and steal personal information. How to spot: Beware of unsolicited emails that require clicking through. Look for grammar mistakes and other inconsistencies. Equip all hard drives and network systems with anti-phishing software.
  3. INVOICE SCAM: Fraudsters research a company so they know what suppliers are used and when regular payments are due. Then, posing as a supplier, they create phony invoices. How to spot: Watch for small discrepancies in invoices, such as a different address. Implement a standard accounts payable process so all invoices are validated.
  4. TEXT MESSAGE: Text scams called ‘smishing’ look like they’re from a bank or other trusted organization and alert the victim to an account fraud or personal issue. How to spot: Most smishing messages play on a fear of some kind (theft, accusations). Any correspondence that requires personal details is usually a scam.   
  5. INTERNET SCAMS: A fake pop-up sends a ‘scam alert’ message. Clicking on it links to a fake website or allows malware to be downloaded. How to spot: Beware of any unsolicited message that requires you to link somewhere else.
  6. PHONE SCAM: Fraud over the phone – called 'vishing' – is still popular too. It’s when a fraudster calls claiming to be from the bank or some other trusted organization (the fraudster may have researched basic bank and personal details). How to spot: It’s a scam if personal or financial details such as PIN numbers or banking passwords are required.

Protect your workplace by encouraging employees to always be suspicious and on the lookout for any type of scam. Ongoing security training should teach them to question every request for any type of payment or information change and to never disclose sensitive personal information in a phone call, text or email. They must confirm through other means that requests are genuine.

All organizations should implement a culture of security from the top down. Security processes should be embedded into the workplace.

Also, partner with reliable third parties for security-related services. For example, outsourcing document destruction eliminates many security risks.

Find out how to keep up with all the best practices in data security – to protect your employees and your organization.