Guest blog provided by Trevor Buxton, certified fraud examiner and fraud communications manager, PNC Bank
Fraud schemes against businesses are becoming more prevalent and complex.
Perhaps the biggest scam involves phishing and compromised business emails.
Chances are you’ve seen these types of phishing emails pop up in your own account. They might request a wire transfer by pretending to be the CEO of your company. It could also include changes to payment instructions for a vendor.
This type of fraud often targets checking accounts, credit cards and business accounts. If successful, it could cause you to lose customers, money and productivity, or it could cripple your business for a period of time.
But that can all be avoided with the proper training.
What to Look For
It’s human nature to want to open attachments, click on links and pay your bills, but don’t get too hasty. Stop, examine the email and don’t click on anything until you know the email is from a trusted source.
There are many tell-tale signs of a fraudulent email. Look for small imperfections in the sender’s email address. For example, a fraudster can replace the letter W with two Vs. At first glance, it’s easy to fool the eyes into thinking this is actually a W, making the email address look legitimate.
Verify the request with the email sender, whether it’s coming from the CEO, payroll, or outside your organization. Would a vendor send an email requesting payment, or would they send a bill through the post office? Call the company and ask if they sent this request and if you owe them any money.
Provide regular training on phishing to your employees so they can spot the signs of a fraudulent email. This might seem time consuming and cumbersome but it can protect your company against fraud.
Get multiple approvals on payment systems. The more hoops customers have to jump through, the more protected they will be. Explain to customers your protocols for seeking payment and communicating with them so they know, up front, whether an email is legitimate.
Finally, don’t put your entire company’s life on social media and websites. In a world that communicates online, this is easier said than done but it pays to be cautious.
Fraudsters often look to company websites to gain information to defraud a company and its customers. They’re looking for staff rosters, job descriptions and vacation protocols, to name a few. If you list everyone in your organization and what they do, that’s all the bad guy needs to defraud you and your customers.
You can still post information online and the success of your business may depend on it. Just make sure you put safeguards in place to combat misuse.
The moral of the story: It pays to have an informed workforce and a healthy dose of skepticism.
Learn more, visit PNC’s security and privacy site »