Jim Rough & Jan Elezian, Indianapolis, IN - “Can You Do Me a Favor?” Fraud scams typically begin with an email that looks like it is from your supervisor, your boss, or someone else that is in charge. These fraudsters use an organizational chart as well as information that can be found online in order to find out more information about the company to increase credibility. According to Herb Stapleton, a section chief within the FBI’s cyber division, fraudsters often “do quite a bit of reconnaissance to make sure that they can make their particular pretext seem believable”. A common approach is to ask the victim to buy gift cards and then have the victim send pictures of the codes after the cards have been purchased. Common gift cards that are requested include Apple, Amazon, Home Depot, Best Buy, and Google Play. If this works the fraudsters often move up the value and may even move to requesting Bitcoin. Another known approach is a scam email from the CEO to the CFO asking that money be wire transfered immediately to a designated location.
According to the Better Business Bureau, spoofed email scams result in more losses than any other type of fraud. The Better Business Bureau states that this problem has tripled over the last few years, with most of it not being reported to authorities due to a multitude of factors, including the risk of harm to the brand. “Businesses don’t want to talk about it; they’re embarrassed and don’t want to look vulnerable” (NBC News).
Principles Behind The Success of Business Scams:
One reason is that employees are bombarded by their email at work, and it is often natural to assume that the email is from the person that is listed on the “from” line.
Relying on a sense of urgency, fraudsters prevent the victim from thinking through the decision that they are making.
In order to protect your business, there are a few steps that should be taken. First, it is important to train your employees and encourage communication in the workplace. Important training and communication points include:
Don’t open e-mail attachments or click links from unknown sources.
Make sure your malware protection files are up-to-date.
Be aware of e-mail phishing techniques:
– Check embedded links: Validate that the URL of the link matches the text of the link
itself. Hover (don’t click) your mouse cursor over the link to view the URL of the website
to be accessed.
– Look for suspicious From: addresses: Check received e-mails for spoofed or misspelled
From: addresses. For example, your company is BestFirmEver.com and you receive an e-
mail from user@BestFirmsEver.com, Do not open the e-mail without verifying that it is
– Be cautious with “urgent” or “too good to be true messages”.
As well, all invoices and payments should be checked. Limiting the amount of people that are authorized to pay the invoices and place orders is also effective. Following the above steps should help to reduce the risk of business fraud within your own company.
For more information, or to speak with one of our experts call (317) 775-3867.