By Dave Ignaski, Payroll/Tax Compliance Manager
Think your business is immune to fraud? Think again.
According to a recent webinar hosted by Schneider Downs, 61% of fraud attacks happen to organizations with less than 1,000 employees.
Over the past few weeks, we’ve become aware of several of our clients being duped by fraudulent email scams. These scams involved situations where users were tricked into providing private information, such as routing numbers, via email to a cybercriminal who has masked a trusted source’s email address.
These kinds of situations are happening everywhere. It’s easy to say, “that will never happen to me or my company,” but the reality is that cybercriminals are becoming more creative and deceptive to get your private information.
Identifying Two Common Fraud Methods
It’s important to note that we are only scratching the surface in this post—there are many types of fraud and new fraud methods are continually being discovered.
Phishing
Phishing, in its most well-known form, happens when a cybercriminal sends a generic email masked as a familiar person or vendor in order to trick users into sharing protected information.
Forbes recently reported on a new kind of phishing: spear phishing. This type of phishing specifically targets users with a very believable message, meaning they’ve done their research on you and your company. They also focus on trying to find ways to get a user to open malicious Word or PDF documents.
Email Spoofing
Along the same lines of spear phishing, email spoofing has become popular among cybercriminals. Lifewire defines a spoofed email as one where the sender purposely alters parts of an email address to look like it was written by someone else.
4 Ways to Protect Your Business from Fraud
Unfortunately, most of the time you won’t know you or your business have been hacked until after it happens. Here are some details to look for and steps to take to avoid fraud and protect your business.
- Know What’s Going On
Making sure that you and your team are informed is critical, as it can make a huge difference in identifying and preventing fraud. We recommend signing up for webinars and newsletters (check out a few resources at the end of this post) to help you stay up-to-date. - Take Preventative Steps
Did you know that 65% of passwords that require uppercase, lowercase and numerals have the first character capitalized and a number as the last character? That makes it easier for hackers to find ways to hack your password.Make sure to continually update your account passwords and make them difficult to decipher. - Get a Closer Look
It is common for cyber criminals to mask a trusted email to gain access to important information. If something the email looks suspicious, the first thing you can do is hover over the email address in the “from” line to see if the address is being spoofed.Next, ask yourself: does the content of the email in question seem like something the sender would ask for/email about? Does the tone of the email and the wording seem on par with who they are within your company? - Pick Up the Phone
When it doubt, give the sender a call and ask them if they actually sent the email in question. A simple verbal conversation can help you prevent a data breach.
Resources
The bad news is that no matter what, cyber criminals will try to execute their plans on your business. The good news? You can take steps to prevent it.
There are countless webinars, blog posts and email newsletters to look into. Here are three reputable accounting firms who have content to help you remain up-to-date on cybersecurity issues and insights:
Save the important information we’ve shared for later by right-clicking the image below!
Learn more about how SentricHR can protect your business from fraud with ongoing reporting, monitoring and more.
