2011 has been quite a year for scammers. There's no doubt
they are getting more sophisticated, more clever and, arguably,
more successful. This is especially true of those who use the
Internet to target their victims.
Think you and your business could never be taken in?
Then it's probably wise to think again.
No doubt there'll be a few more in 2012; but, whatever new
schemes arrive, there's little doubt they all play on the same two
human drivers - fear and greed.
Perhaps we should all be a little more wary before we decide we,
or our staff, can't possibly fall victim. Reading the
descriptions of almost all the biggest scams out there, it's hard
to believe that anyone can fall victim. But they do, every day. So,
it's a good idea to imagine that your business and the people who
work there are as vulnerable as anyone else.
Here's a run down of some the common types of scams out
there.
Identity Thieves
Whether it's known as phishing, vishing or even smishing,
doesn't make much difference, the aim is always the same - to
capture personal information almost always to gain access to bank
accounts, credit cards or other funds.
Phishing is done through emails; vishing comes over the phone
and smishing attacks specifically target mobile phones.
There are countless examples of these scams, but there's one
golden rule to stop them dead: don't take any action, enter any
information, call any number, visit any website as directed, or
open any attachment unless you know for sure where a communication
has come from and trust that source.
Even this doesn't guarantee immunity all the time because some
malicious apps, once opened, will use a person's address book and
send emails as though from them.
If something looks suspicious, don't click on it, open it or
spend any time scanning it. Never open an executable programme that
is attached to an email unless you are sure of its source.
Just delete it and check with the supposed sender that it was
legitimate. It can always be re-sent if it was.
Fake Invoices
Fraudsters often target businesses in the hope that a busy
workplace doesn't always allow for sufficient checking.
A business might receive invoices for services or items that
have simply never been provided - perhaps some advertising in a
legitimate directory that was never placed.
Sometimes these invoices may actually be disguised invitations
to buy into a service.
Such a scam can be beaten by having a relatively simple
signing-off process for all invoices, traceable to the individuals
responsible for ordering a service or product.
The Cash for Cheque Scam
This is a favourite of scammers targeting online retailers
especially. The principle is simple. A potential buyer offers to
pay by cheque - perhaps even a banker's draft. When the money comes
it is for more than the agreed amount. An elaborate and often
convincing story follows as to why this has happened and you are
asked to transfer the excess money to an account.
Of course, the original cheque turns out to be fake and
worthless.
Clearly, the moral is never go along with reimbursing any money
until you are 100 per cent sure any funds sent have actually been
cleared in your account. And if anyone offers to pay over the odds,
this should immediately set off alarm bells.
Banking Scam
The quality of these scams can range from the laughably bad to
quite convincing. So it's as well to make sure any relevant people
in your company are aware that they may be
targeted.
The scam usually consists of an email claiming to be from your
bank and asks that an attachment is opened and information entered
in order to carry out a security check or verify an account.
Obviously, the claim is a con and the information can then be used
to access your bank account.
Phone Scams
Many, many scams start with the unsolicited phone call. Again,
the con artists hopes to exploit the fact that your staff are busy
and perhaps can be taken unawares by a carefully scripted
patter. It's all too easy to agree to accept a service or
product that you don't really want or need.
Often, the criminal will simply be after information that can be
exploited later. This might seem relatively innocuous, such as the
brand and model of computers you use. But this information
can be used at a later date - showing that they have this knowledge
can make the scamster seem believable.
Here are some measures you can take to protect your
business.
- Make it clear who has permission to order goods and services on
the company's behalf. This way, anyone else can simply say that
they don't have authority to agree to anything.
- Make it policy that no orders for goods or services are ever
entered into with cold callers the first time contact has been
made, no matter how good the offer may sound. Always go away and do
some research before agreeing to anything.
- Put things in writing and keep copies and records of
posting.
- Don't sign anything before checking all terms and
conditions.
- Warn staff to be on their guard against the possibility of
scams and to not be afraid to seek advice.
- Educate staff about the risk of malware being introduced onto
computers.
- Get on police alert or council alert lists - most have them and
they can provide a warning of specific scams that are known to be
operating.
Keep in touch with Action Fraud http://www.actionfraud.org.uk/
the UK's national fraud reporting centre.
