Protecting your business against fraud is a particularly hot topic at the moment, with many more people working from home. Recently there have been lots of webinars to help businesses protect themselves against fraud. One of these was hosted by Lauren Malone, Events and Campaigns Manager at Enterprise Nation, and Ashley Hart, Head of Fraud at TSB Bank. During this 30-minute session they provided lots of useful information, which I have summarised below:
- Criminals run fraud as a business and are therefore looking to make money. The pandemic has been a good opportunistic hook for fraudsters to contact people and try to get hold of as much money as possible.
- Increased communication from official bodies (e.g. government, local councils, HMRC, etc.) presents the ideal opportunity for fraudsters to clone that communication and use it to reach into people’s lives and extract as much information as possible.
- Remote working has created an ideal opportunity for fraudsters to get in touch, for example by contacting you to say that your broadband is running slowly, that they are from BT/Talk, etc., and that they can help you fix it if you give them access to your PC and some basic information. At the moment this scam is more believable because people are at home more and using their broadband, and hence more people are becoming victims of it.
- From a business perspective, a fraudster sees gaining access to a business email account as key, because once they have it they can use it to generate as much revenue as possible. For example, they can see who you have been corresponding with, and they can email invoices to your clients/customers with new bank details on them. They can also modify your email settings and send emails that appear to come from you but never appear in your sent items, and you won’t see any of the replies. You will only become aware of them when your customers/clients are late paying and you get in touch to find out why. By this time the fraudster may already have made a lot of money out of your business and you will be left empty-handed.
- Common emails that fraudsters will send to your business clients/customers will be along the lines of “We have just changed bank details and here are our new details. Please use these details for all future payments.” The scammer will even mimic the style that you normally use in your email so that they sound more like you.
- CEO fraud is one of the fastest-growing types of fraud at the moment. It usually involves the fraudster sending an email that appears to come from the CEO or owner of a business, asking you to make an urgent payment. It will usually say something like “I haven’t got time to call you to discuss this as I am in and out of the office or in and out of meetings, so here are the bank details to make the payment.” Because of the urgency stressed in the email, people often make the payment without thinking first, which is exactly what the fraudster wants you to do.
- It is important to protect your email account in the same way that you protect your house, your shop, your car, your van, your car keys, etc. Make sure that you have a complex password and two-factor authentication (2FA) enabled, as email is the front door into a business when it comes to business security.
- Use complex passwords and don’t use the same password on multiple sites.
- Use two-factor authentication (2FA) where possible, as this makes it much more difficult for a fraudster to get in.
- Use password managers such as Google Password, LastPass or 1Password, but be careful when selecting the master password: if a fraudster gains access to your password manager, they will have access to all your passwords in one go.
- Make sure that you use well-known, tried and tested password managers such as the ones listed above, as there are scam password managers on the app stores which fraudsters use to collect all your passwords in one go.
- It is important to have systems and processes in place for dealing with out-of-the-ordinary payments, and to make sure that everyone, including staff, customers, etc., is aware of this process and knows that it is the only process that will be used.
- Use file sharing services such as OneDrive, Google Drive, etc. instead of sending documents as attachments, as these allow you to control who has access to specific documents, which is more secure.
- Avoid sharing passwords between multiple users; each user should be assigned their own access to systems, etc.
- Ransomware scams are becoming more and more common.
- It is important that you have good antivirus software, and it is worth investing in this.
- It is worth having a look at the TSB Fraud Prevention Centre, which provides lots of information and can be accessed by both TSB and non-TSB customers. The link for this is https://www.tsb.co.uk/fraud-prevention-centre/
It is definitely worth listening to this webinar in full, as we gained lots of information from it. The webinar is available for free at https://www.enterprisenation.com/learn-something/protect-your-business-against-fraud/.