Nearly 165 million records containing personal data were exposed due to data breaches in 2019.
When it comes to data breaches, businesses of any size can be vulnerable. Small businesses often don't have the resources to hire an IT staff, so they're a perfect target for business fraud. Yet, even larger corporations with the best practices in place and a trained IT staff can still fall victim to business fraud or a cyberattack.
Small businesses can face business fraud in a number of ways. Identity theft tends to steal the show, with over 4.8 million cases just last year.
However, you can also face setbacks such as payroll fraud, workers' comp fraud, money fraud, and return fraud.
Business fraud cases are growing as fraudsters get more shifty and savvy with their methods, so it’s important to know what to look for—and clock red flags when you see them.
Friend or Fraud?
If a stranger knocked on your front door, you wouldn’t just step aside and let them inside, would you? Unless they have a warrant, your answer had better be “no.”
More likely, there’s a series of questions you would ask them before allowing them to come inside and look around. That’s how you should approach business fraud prevention.
Things aren’t always what they seem; it’s your job and your employees’ job to keep your eyes peeled for fraudsters who are posing as friends, clients, banks, and other businesses to get what they want from you.
At the end of the day, a business fraudster's main goal is money, and they’ll do whatever it takes to get it.
Here are four ways fraudsters try to get their hands on your money.
1. Asking personal questions
Beware of any personal questions! This is the primary means hackers use to gain just enough information and run with it.
You might receive an email asking you to verify your security questions for a given portal, such as “What is your mother’s maiden name?” or “When is your anniversary?” These answers can help them gain access to accounts, or even offer them password insights.
Fraudsters can also pose as government agencies over the phone, like Social Security and the IRS. They might ask you to verify things like your Social Security number, account numbers, or personal address.
Example: As part of a recent scam, fraudsters would make phone calls asking, “Can you hear me?” If the recipient answered “yes,” hackers would use that voice recording to verify phony credit card charges and phone/utility bills.
2. Directing you to external websites
If you open an email from an unknown sender that includes a clickable link to another website, you should evaluate it very closely before clicking.
Okay, that might seem time-consuming if you receive a large number of emails from new senders… but haste can cost you dearly if you aren’t careful.
Redirect scams work mainly by creating fake websites and luring people to visit them. Phishing websites are disguised as legitimate banks, credit card companies, or even retail shops, and invite you to provide important identifying information.
These schemes are set up solely to steal your login information, passwords, PINs, and other confidential info. Phishing attacks and whaling attacks fall into this category and need to be strategically avoided.
Example: FACC, an Austrian aerospace solutions firm, lost $58 million in a whaling attack in 2016.
3. Wiring money
Criminals get creative with this one. From posing as charities and foundations to impersonating account holders, fraudsters can slip into just about anyone’s persona to try and get you to wire your funds.
It doesn’t come as a shock that wire transfer fraud is increasing as email becomes our main form of communication. To reduce the risk, avoid accepting wire transfer requests over email, and always confirm via a phone call to a number you know and trust.
Example: The Trent House fell victim in 2012 when it received an email from a well-known client, requesting a wire transfer to be processed on their account. It even included a letter of instruction attached and signed by authoritative figures in the company. This email was fraudulent, and the money was lost.
4. Downloading sneaky software
The average cost of a malware attack is $2.6 million. Don’t make us say that again. Malware is a huge risk, and over 94% of all malware deliveries come straight through your email inbox.
Malware is short for malicious software, and it is essentially a blanket term for viruses, worms, trojans, and other harmful computer programs that hackers use to gain access to sensitive information stored on your computer.
This software comes in all shapes and sizes, but can often be seen as downloadable programs, software tools, ransomware, or ads in your inbox.
Example: In 2019, Capital One fell victim to one of the largest data breaches ever when a hacker gained access to over 100 million customer accounts. How’d the hacker do it? She exploited a misconfigured web application firewall.
Got 'em! Now what?
Okay, so you’re a pro. You were vigilant, alert, and knew the signs of fraudulent activity, and you think you spotted a phony email. The best thing to do is trust your gut.
Nine times out of 10, if you feel like a phone call or email is sketchy, it probably is. Don’t trust the Prince from a faraway land when he requests to wire you $100,000 and tells you all he needs is your account information.
If you already have a security team in place at your business, you should notify them immediately. They’ll almost certainly have a system for verifying the email or caller you’re dealing with and know what to do if someone is attempting to steal your information.
There are countless ways that these fraudsters will scheme their way around your business.
The secret to security: be on the defense
One of the keys to prevention is knowing what to look for. Keep training employees on security practices, and be sure to have a plan in place for when that phone call from your “client” requesting your password reset doesn’t sound legit. If you don’t have a security team in place, consider hiring one to protect your resources. Marco can assess your security level and help you implement a protection plan to dodge whatever fraudsters have up their sleeve.
Today’s businesses need to maintain an increased awareness of security to protect themselves from fraudsters and cyber threats. At Marco, we’re dedicated to helping businesses of all sizes gain access to the information they need to ensure their practices are actually protecting them. That’s why we offer a free Small Business Network Setup Checklist offering information on the top security best practices for today’s businesses.
If you’re looking for some insights into what your internal policies should be regarding physical and network security, review our checklist of IT security best practices. Feel free to contact us to learn more about assessing your security through IdentifyIT.