Fraud or cybercrime? Protecting yourself and your Data.
Fraud is when trickery is used to gain a dishonest advantage, which is often financial, over another person. Cybercrime is any criminal act dealing with computers and networks.
Both individuals and businesses become victims of fraud every day. Other words used to describe fraud include scam, con, cheat and confidence trick. The cost of fraud is escalating and is reported to be between £130bn and £190bn a year. According to the Office for National Statistics, people are a lot more likely to be victims of fraud than of any other crime.
With more people working from home, the opportunity for employees to be duped into parting with money or information by emails has increased massively. We are working out of our comfort zone and also away from usual routines and procedures, which leaves us vulnerable to attack.
Some of the things that can help you spot a scam:
- Unusual correspondence from a senior member of the Company – Emails purporting to be from a Senior Manager or Director of your company asking you to settle a bill or make a payment urgently. Check the email address – is it actually from that person? Make a phone call to find out. Would they normally contact you to make such a payment if you were in the office?
- You are being asked to share personal or Company details – These could be anything from basics like date of birth to bank details, PIN numbers and passwords. Financial and Insurance companies may ask for these before discussing your account in detail, but be wary of calls made to you. If in doubt, hang up and call them back using the number from your credit card or bank statement. Don’t just redial the number that called you, as scammers will often register very similar numbers. You can also try giving false details to see if that flags up! Also, would you usually receive these calls or would someone else normally deal with it?
- There are spelling and grammar mistakes and the English is poor – legitimate businesses should not make obvious mistakes. Often scam emails or communication will not read well but some can be extremely convincing.
- The contact details or email address are vague or use additional text – a good example is PayPal. Their email is usually straightforward and has an image icon attached to it – PayPal@mail.paypal.co.uk. A lot of the time, scam emails will not originate from the correct server, so a new, similar address will have been registered, such as paypal.myemail.com. Be wary of emails from ‘colleagues’ sent from non-company email addresses such as Hotmail, Gmail, etc.
- The offer seems too good to be true – found something for sale online that is a lot cheaper than in the shops or from other, well-known vendors? Most likely it is a scam. Possibly someone really is selling it much cheaper, but stay alert and ask to see the item first or pay through PayPal with buyer’s protection. Be especially aware of software downloads such as Adobe, AutoDesk or Microsoft products that are offered a lot cheaper. You will usually find these are illegitimate and won’t activate once you have downloaded them, will not be a full version or may even be a virus or malware.
- Changes to bank details for suppliers – invoices on which the bank details have changed without prior notification, or notifications of a change of bank account, are a common way for scammers to get you to pay into their account and not the official account. Cybercriminals can attack less secure email systems, enabling them to intercept and change emails and attachments before they are received by the legitimate recipient. This allows them to alter bank details on documents as they pass from the sender to you. Be wary of changes in font or text size in documents, especially around payment details or amounts, and of email that seems to be taking longer than usual to arrive or mail that isn’t getting through. If in doubt, pick up the phone and check verbally.
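The sender-address checks in the list above (company email versus Hotmail or Gmail, and PayPal@mail.paypal.co.uk versus paypal.myemail.com) can be automated in a mail filter or triage script. The following is an added example, not part of the original article; the trusted-domain list, the freemail list and the `example-company.co.uk` placeholder are assumptions to replace with your own values.

```python
from email.utils import parseaddr

# Assumed policy values for illustration only.
TRUSTED_DOMAINS = {"paypal.co.uk", "example-company.co.uk"}  # placeholder company domain
FREEMAIL_DOMAINS = {"hotmail.com", "gmail.com", "outlook.com", "yahoo.com"}
BRAND_KEYWORDS = {"paypal"}  # brand names that scammers embed in lookalike domains


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or ''."""
    _display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def under(domain, parent):
    """True if domain is parent itself or a genuine subdomain of it."""
    return domain == parent or domain.endswith("." + parent)


def classify_sender(from_header):
    """Classify a From header as trusted, freemail, lookalike, unknown or unparseable."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if any(under(domain, t) for t in TRUSTED_DOMAINS):
        return "trusted"
    if any(under(domain, f) for f in FREEMAIL_DOMAINS):
        return "freemail"  # a 'colleague' writing from a personal mailbox
    if any(brand in domain for brand in BRAND_KEYWORDS):
        return "lookalike"  # brand name present, but not under the brand's real domain
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers based on the addresses mentioned in the article.
    samples = [
        '"PayPal" <PayPal@mail.paypal.co.uk>',
        "PayPal Service <service@paypal.myemail.com>",
        "Managing Director <md.urgent@gmail.com>",
        "billing@notpaypal.co.uk",
    ]
    for header in samples:
        print(f"{classify_sender(header):10} {header}")
```

The display name is ignored on purpose, because anyone can type a Director's name there. The From address itself can also be forged, so a "trusted" result is not proof of origin and a phone call remains the right check for payment requests.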
How can you protect your Employees and your Business from Cybercrime?
Education is key. The majority of fraud, scams and viruses require some form of user intervention in order for them to take effect. This could be releasing an email from quarantine, responding to a phishing email, clicking a link, running a file, giving remote access to a device or giving information over the phone.
Educate your users on common tactics used by cybercriminals and fraudsters. Use cyber security awareness training to show them phishing emails and send test emails to them to see if they have learned from the training.
Initiate procedures for key areas of your business or update procedures to reflect your current working environment. How will a Director or Senior Manager request that a payment be made if they cannot pop down the corridor and tell you? Via email or phone? Will instructions only be taken from corporate email, or can users use personal email? (We would strongly recommend only company email is used for business purposes!)
Make sure your systems remain secure and up to date. Who is keeping your server and office PCs updated if no one is in the building? Who is monitoring remote access to your systems? If employees are using their own systems to work from home, are they up to date and secure with adequate anti-virus? Are users downloading confidential company data on to home PCs, which could be more vulnerable than your corporate machines?
If you would like more information on security awareness training for your staff, would like a security health check or advice on working from home securely, contact our friendly team. We can also offer Back to Work healthchecks to ensure that, when your staff do return to the office, their systems are all ready to go, safe and secure.
If you have fallen victim to fraud or have been targeted by cyber criminals, you can report the crime to Action Fraud at https://www.actionfraud.police.uk/.