Most businesses today have an online presence and most accounting departments use online tools that make accounting faster and easier. Whether you are a small business, SME or a large enterprise, you will have no doubt benefited from the internet; after all, it helps to make payments instantly, leaves an easily accessible trail of transactions, and improves the efficiency of your employees.
However, accounting departments’ reliance on the internet and cloud-based applications has also opened the doors of opportunity for cyber criminals. According to PWC’s Global Economic Crime Survey 2016:
- Cybercrime climbs to the 2nd most reported economic crime affecting 32% of organisations.
- Most companies are still not adequately prepared for – or even understand the risks faced: only 37% of organisations have a cyber incident response plan.
Is your business vulnerable to the most common frauds?
When it happens, it comes as a rude shock. When a business is hit with an online scam or any other economic fraud, there is the obvious risk of losing money. But it is often secondary to the sudden loss of reputation or loss of sensitive information. The costs of remediation and compliance can be really high when you try to close the stable door after the horse has bolted.
Accounting departments are often at the top of fraudsters' target lists. Here are the most common and effective methods that online scammers or fraudsters use to wheedle money out of businesses like yours.
1. Phishing
Phishing attacks are usually made to demand a transfer of money or to gain access to confidential information such as login credentials or account information. Such emails may not necessarily demand payment - some may just ask for your confidential information. Fraudsters use them to gather information about authorised personnel and accountants. This information can be used at a later date to commit email fraud.
For example, online fraudsters often send emails that seem to come from the CEO or another authorised person. To do this they can forge email addresses using email masking techniques, or simply use emails, IM or other communication channels that appear similar to the original communications. Such emails may relay instructions for the urgent transfer of money to a particular account.
For example, let’s suppose that Mr. A is the finance director of ABC Limited. You usually receive emails from him asking for payments to be made to specific bank accounts. His email address is firstname.lastname@example.org. One day you receive a request to make payment to an existing or unknown bank account - from the email address email@example.com or firstname.lastname@example.org. Often the email is almost identical to the original one.
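The near-identical sender address in the Mr. A example can be caught mechanically before a payment request is acted on. The Python sketch below is an added example, not part of the original article; the director's name, the addresses and the edit-distance threshold of 2 are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data (assumption): people allowed to request payments,
# keyed by display name, with the one address each of them really uses.
TRUSTED = {"alex arden": "alex.arden@abc-limited.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike', 'display-name-spoof' or 'unknown'."""
    name, addr = parseaddr(from_header)
    name, addr = name.strip().lower(), addr.lower()
    if addr in TRUSTED.values():
        return "trusted"
    # One or two changed characters from a known sender: likely impersonation.
    if any(edit_distance(addr, known) <= 2 for known in TRUSTED.values()):
        return "lookalike"
    # Familiar name in front of an address that person has never used.
    if name in TRUSTED:
        return "display-name-spoof"
    return "unknown"

if __name__ == "__main__":
    for header in (
        "Alex Arden <alex.arden@abc-limited.example>",
        "Alex Arden <alex.arden@abc-limlted.example>",   # i swapped for l
        "Alex Arden <a.arden.finance@mail.example>",
        "Supplier Co <billing@supplier.example>",
    ):
        print(f"{classify_sender(header):20} {header}")
```

An exact match on the From address is not proof of origin, since that header can be forged; the SPF, DKIM and DMARC results reported by the mail gateway cover that case.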
2. Forged documents
The fraudster poses as a regular supplier and sends dummy invoices with details resembling the normal business invoices but with different bank details. In order to force the accountant to make a hasty payment, they may say that the due date for the payment has passed or say that non-payment will negatively affect your credit rating. The fraudster may also send a request for change of bank details via email or send a document on a letterhead requesting such change.
3. Social engineering
This technique psychologically manipulates people into giving up confidential information like passwords or bank details. It may also be used to trick people into giving access to the computer system so that malicious software can be secretly installed, which helps the fraudsters get control of the computer and access to banking information and passwords.
For example, you may receive an email from your friend whose account has been hacked, asking you for urgent monetary help or requesting you to donate to a charitable fundraiser.
4. Ransomware
Ransomware is malware that gets installed when you mistakenly open an attachment. It is usually disguised as a legitimate file that gets downloaded unknowingly. Once opened, it encrypts your files or the entire hard drive, making them completely inaccessible. It is often set up so that only one file is left behind, which when opened issues demands for a particular amount of money, often in Bitcoin.
Only after the payment of the ransom will the data be decrypted. The victim is left with no option but to pay the amount demanded to get the data decrypted.
Is your business safe?
Have you taken all the steps you can to combat these types of fraud? Compare your actions to the list of key fraud prevention measures to find out – download our free fraud prevention checklist.