In recent years, companies have experienced a growing number of fraud attempts, with the aim of stealing money from the company itself, its customers or its suppliers. Below are some examples based on actual attempts and the top 10 tips for avoiding fraud attempts.
With these guidelines, you will protect yourself and your business against this threat. Some examples detected in different countries over time:
- In the finance department, several employees are contacted by telephone or by other means by people posing as a director or even the CEO. They usually ask that a emergency bank transfer and confidential. They can also ask names or phone numbers of other extensions or other sensitive company information. These types of calls often occur just before a vacation period or at the end of the day in an attempt to avoid checks.
- Other collaborators received fake emails ask them to change the bank account associated with a regular payment (for example, rent for an office).
- Customers and suppliers are also affected by these fraud attempts. Some have received fake bank account numbers and they ended up paying crooks thinking they were paying their business. Some suppliers have been instructed to deliver computer equipment to fake addresses, associated with fake orders.
.
Stay vigilant
Scammers are well organized, highly specialized, and use advanced techniques to try to cheat you. They have the means to improve their chances of success – they can easily organize fake phone calls, fraudulent emails, illicit web portals, or even use social networks. These are criminal organizations that represent a real threat to businesses. Your vigilance is essential to help protect your business.
Ten tips to avoid fraud attempts
1- Use common sense. If the post seems strange to you for some reason (ie poorly written content, unusual vocabulary, etc.) or too good to be true, don’t respond!
2- Never act only on the first call. Take your time to verify and verify the identity of the interlocutor. Ask to identify yourself and ask for a number to call back (and consult the company directory). In most cases, this can already deter the interlocutor, in case of attempted fraud.
3- Identify red flags. They will never ask you to make a wire transfer or request confidential information without going through the normal process.
4- Follow the business processes established in your unit and the safety rules. Some departments such as Finance or Purchasing have strict rules in place to detect and block these malicious attempts at financial fraud. Please contact your local CFO or purchasing manager.
5- Ask for help / support from your direct manager in relation to any strange, unusual or suspicious situation that comes your way.
6- Beware of any unexpected email, with attachments or weird links. To help you detect malicious or phishing emails, a red message currently appears at the top of incoming external emails. The purpose of this notice is to remind you to be vigilant and to review the message in detail, as it has an external origin.
7- Never reveal company information to someone you don’t know. Be careful with messages or phone calls that ask for contact details, personal data, or financial information, for example.
8- Never provide company information (organizational charts or personal contacts) on public web portals.
9- Scammers often try to impersonate technical support staff, for example by offering to fix something on your computer or install new software. If you haven’t made the call, ask for a number to call back (and check your corporate directory). In most cases, this can already deter the interlocutor, in case of attempted fraud.
ten- Do not click on advertising windows (“pop-ups”, “ads”) on public web portals.
And an additional tip: in e-mail conversations that you receive from other colleagues and which have a high number of recipients, check that no unauthorized email has been included among these recipients, external or false (it is convenient to check the actual address, not the “alias” that might be displayed). Especially in emails in which sensitive information is transmitted. This is another typical tip of social engineering for the purpose of transmitting sensitive information to unauthorized personnel.