How do you spot a scam in progress and prevent your business from being breached?
According to CERT’s latest quarterly fraud report, scams and fraud are on the rise in New Zealand with 666 incidents reported in the last quarter, up 236% on the previous reporting period.
With fraudulent activity on the rise, how do you spot a scam in progress and prevent your business from being breached?
Scams usually start when someone makes unexpected contact with you or someone in your business. This could be in person or by phone, letter or email.
Generally speaking, they are after three things:
- Personal information (date of birth, address etc.)
- Financial information (credit card details, bank account number)
- Money (e.g. they want payment of an invoice or money in exchange for a so-called service they will provide).
To get what they are after, they may:
- Make you an attractive offer, e.g. tickets to a ‘sold out’ event.
- Say you urgently need important products/services, e.g. software updates, payment for transport of goods.
- Pretend to be someone they’re not, e.g. your bank, or a supplier that has an overdue invoice which requires immediate payment.
Red flags you should be looking for include:
- They will target someone junior within your business or someone in an unrelated part of the business (e.g. email a personal assistant about an unpaid invoice when they should be talking to the finance team).
- Typos and poor grammar in their communication with you.
- They will be vague in their description of the issue.
- Their offer will be too good to be true.
- They will become irritated if you offer to call or email them back.
- They will use high-pressure tactics to get you to take action straight away. A recent example that our independent cyber security consultancy, Aura Information Security, heard about involved phone calls where the recipient was told they had an overdue fine or tax bill and would be arrested if they didn't buy gift cards and give the scammer the voucher codes immediately. People who were scammed said that they knew the request didn't sound right, but the caller was so persuasive and threatening that they felt it was worth the risk to just pay the "fine".
If you think you’ve been scammed:
- Immediately stop all contact with the scammer.
- Let others in your business know someone has been trying to scam you (it’s likely they may target several people within your business).
- If you’ve given over any financial details, call your bank and let them know so they can block any attempts to access your account.
- Report the scam to your IT department and / or CERT NZ.
It’s much easier to call your bank, service provider or IT provider directly to see whether they’ve been trying to contact you. And no bank should ever request your password over the phone or via email.