Isabelle Lord | Desjardins Group
While it's an invaluable tool for business, the Internet can be a double-edge sword, as it's an invaluable tool for crime, too! Criminals are always looking for new ways to beat the system, so here are some scams to be aware of in the digital age. Share them with your employees and ask them to stay on their toes.
1. Senior executive impersonation scam
A criminal might hack into the email of a corporate executive, keeping an eye on their messages over a number of weeks or months to get an idea of who does what. Then they will write to an authorized employee from the executive's email account, and ask the employee to make a money transfer, while perhaps flattering them and asking for the utmost discretion (because of course it is for a top-secret acquisition and this responsibility couldn't be entrusted to anyone else!). The back-and-forthing will then continue up until the money has been transferred.
Set up a strict procedure for money transfers, including a systematic confirmation of any major requests using a communication method other than email. And make sure that only authorized personnel are aware of the policy.
2. Service provider impersonation scam
In this case, the criminal might hack into a provider's email. From there, they will write to the company to have them update the banking information they have on file. The payments will then go directly into the scammer's account and the legitimate supplier won't see any money until the fraud has been detected.
If a supplier emails you to ask that their banking information be updated, give them a quick call to confirm the number on file to check if the request really is coming from them.
After making a purchase by email, the "client" may send in a cheque for too much money. They must have confused the amount owed to another company, or maybe revised the initial order downwards, so they would like a refund. But the cheque is a fraud and the crook walks away with both the overpayment amount and the goods that were delivered.
Require exact payment from clients. In the case of emergency, suggest a different payment method.
You might get an email with the logo of a bank or another major company telling you that there is a problem with your account (bank account, email account, etc.) or it might say you've come into some money. In either case, it's urgent--you must act now! Just click on a link and enter your personal and banking information. But of course both the email and the website are fakes and the scammer now has access to your information and can hack your email or steal your identity.
An email warning you about a problem or letting you know about a windfall should raise suspicions, especially if it suggest that things are URGENT. Even if it has the logo and signature of a company you trust, don't click on the link and never open any attachments. Use the official contact information you have to contact the company directly--don't use the information in the email--to confirm whether it is legitimate.
And be sure that you have adequate and updated IT tools to stay safe!