Block these common swindles before they start
March is fraud prevention month, and the bad guys have been busy. The Canadian Anti-Fraud Centre reports that in January this year, more than $10 million has been lost to fraud, while scammers racked up theft of over $106 million in 2020 – and that’s just the amount that was reported in 68,000 cases. Much of that is taken from unsuspecting business owners, managers, and executives. Here’s a look at the most common scams targeting businesses, with some tips on how to protect yourself.
Invoice scams and swindles
One of the most common frauds perpetrated against business owners is a fake invoice for supplies or services that were never delivered. Often, the invoice contains a fine print that identifies the bill as a solicitation. Generally, the amount is small enough to not initially raise a red flag.
Scammers are very diligent in their research of targets, searching out existing business relationships (much of this is already in the public domain through social media sites). The business owner or manager or employee will get a spoofed email that looks like it comes from a trusted source, asking for payment or a change to banking information or for other confidential data, such as passwords and banking login information.
It’s called spear-phishing, and it is one of the most commonly used cyber attacks now in use. The CAFC lists these six warning signs that an email may be a fraud attack on your business:
- It’s an unsolicited email you were not expecting.
- It appears to be a direct email from a senior official in your company whom you are not normally in contact with.
- It requests absolute confidentiality.
- There’s pressure or a sense of urgency.
- There’s an unusual request to take an action that does not follow your business’s normal internal procedures (e.g., buy gift cards online and send them to someone “confidentially”).
- There are threats or unusual promises of a reward.
The CRA/bank threat scam
This particular con never seems to go out of fashion. And plenty of smaller business fall for it every year. Usually it takes the form of a telephone call directly to the business owner or key employee. Typically a voice recording claims to be an “agent” of either the Canada Revenue Agency or Service Canada. The recording claims that you owe back taxes, or that you are under investigation, or that you have committed a tax fraud of some sort. It’s accompanied with a threat that if you do not respond to the call or give the information requested (often banking or social insurance number), legal action will be taken against you, including arrest and seizure of assets. Immediate payment is demanded through some money transfer business, pre‐paid cards/gift cards, or cryptocurrency.
A similar scam is a message that claims to be from your bank or credit card company, stating that your account has been compromised in some way and asking for confidential personal information to “re-set” your accounts.
It’s a jaw-droppingly ridiculous scam, because no government department or agency, or indeed any financial institution or reputable business will ever call, email, or text message you with threats or demands for information or payment of any kind.
If you receive such calls, simply hang up without engaging. You may report the call to the CAFC or to your financial institution.
Social media scams
Fraudsters are increasingly using a new type of social engineering scam involving fake social media accounts. These often appear to be from municipal government officials stating that the small-business owner, manager, or executive is qualified to receive Covid-19 relief payments. As is usual with this category of scam, the target is asked to link to an official looking “log-in” page that requests confidential information or demands that a “deposit” payment be sent in advance with pre-paid gift cards before the relief funds are released.
Again, it’s an audacious scam, as no government agency at any level will ever reach out to any business or individual to offer funds of any kind. Much less demand a “good faith deposit” in the form of gift cards. Never respond to these, and instead forward the email to the CAFC.
Protect yourself and your business
The Better Business Bureau advises that the first line of defense against fraud is to keep clear records of purchases and invoices to help guard against bogus accounts and invoices. In addition, establish proper payment procedures, including multi-person approval for larger transactions. And avoid wire transfer and pre-paid card transactions altogether.
Maintain robust IT security, including firewall, malware, and anti-virus protection. And never click on links in unsolicited, unexpected, or suspicious emails or text messages.