Fraudsters are continuing to exploit the Covid-19 pandemic to scam people and businesses in often quite sophisticated and targeted attacks. Lately, fake NHS texts have been circulating in an attempt to steal people’s bank details. In this article we talk about some common scams to watch out for and give some tips on how to protect yourself and your company.
Common types of scams
Scammers can approach you via text, phone, email, social media, or in person. They’ll try to trick you into giving them money or personal information. These are a few types of scams to be wary of:
An employee receives an email purporting to be from the CEO, CFO, or other senior member of staff, asking them to make an urgent payment or to share sensitive information such as bank account numbers, credit card details, or passwords. The fraudster impersonates the senior figure by hacking into their email account, spoofing their email address, or using a very similar email address.
How to avoid: educate employees so that they’re able to question any urgent or unusual payment requests. Ensure that they’re comfortable asking senior members of staff to verify payment requests over the phone or in person.
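The "very similar email address" trick can also be caught automatically before a payment request reaches an employee. The sketch below is an added example, not part of the original article: it flags sender domains that are near-misses of your own, and, going slightly beyond the text, external senders that use an executive's display name. The domain, names, and thresholds are constructed assumptions.

```python
import unicodedata

COMPANY_DOMAIN = "example-corp.co.uk"  # constructed; use your own mail domain
# Digit-for-letter swaps commonly seen in lookalike addresses.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Lowercase, strip accents, undo digit swaps and the 'rn'/'vv' tricks."""
    text = unicodedata.normalize("NFKD", domain.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return text.translate(SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address, display_name="", executives=()):
    """Label the sender of a payment request by how its address relates to ours."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain == COMPANY_DOMAIN:
        # A hacked or spoofed account also lands here, so phone checks still apply.
        return "internal"
    if edit_distance(skeleton(domain), skeleton(COMPANY_DOMAIN)) <= 2:
        return "lookalike-domain"
    if display_name.strip().lower() in {name.lower() for name in executives}:
        return "executive-name-external"
    return "external"

if __name__ == "__main__":
    execs = ("Jane Doe",)  # constructed executive list
    samples = [  # constructed sender addresses
        ("jane.doe@example-corp.co.uk", "Jane Doe"),
        ("jane.doe@examp1e-corp.co.uk", "Jane Doe"),
        ("jane.doe@exarnple-corp.co.uk", "Jane Doe"),
        ("jane.doe.ceo@mail-provider.test", "Jane Doe"),
    ]
    for addr, name in samples:
        print(f"{addr:40} {classify_sender(addr, name, execs)}")
```

An "internal" result only means the address matches; a hacked or spoofed account looks the same, which is why verifying by phone or in person still matters.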
Since the first lockdown began in March 2020, the number of investment scams has quadrupled. With this type of scam, you receive an email, phone call, or social media message regarding an investment opportunity. The scammer will usually pressurise you into making an investment before you have time to consider it properly, often by giving a time-limited offer. These scams can be sophisticated, with the fraudster appearing to be financially experienced and having a professional-looking website or documents.
How to avoid: always be sceptical of unsolicited investment pitches. If you get cold called, the safest thing to do is hang up. Use the Financial Conduct Authority (FCA) Warning List online tool to check the risks of an investment opportunity and check the FCA register to see if the firm or individual is authorised.
Tech support scams
Cybercriminals are taking advantage of the fact that more people are working remotely. You may get a pop-up on your computer or a phone call from someone claiming to be a tech support representative from a well-known company like Microsoft. They’ll typically offer to repair a fake problem with your computer and will try to gain remote access in order to install malware and steal information.
How to avoid: it’s a good idea for all companies to have technical support, either in-house or outsourced. Make sure your staff know that they should go to your tech support team for all their IT problems and should not trust anyone else. Advise them not to engage with pop-ups by clicking links or calling any listed numbers.
You may receive a text, call, or email claiming to be from a trusted organisation such as a bank, the government, or the police, trying to convince you to make a payment or provide your company’s financial information. During the Covid-19 pandemic there have been many bogus texts and emails claiming to be from the government or HMRC that notify businesses that they’re eligible for a grant or tax refund, with a link to a fake website to enter their personal details.
How to avoid: be suspicious of any message you receive out of the blue asking for your personal details. If you’re in doubt, contact the organisation directly with the email or phone number on their official website. Never click on links or open attachments in suspicious messages as they may contain malicious software. You can report scams by forwarding texts to 7726 and scam emails to firstname.lastname@example.org.
Invoice and mandate scams
Fraudsters will conduct research on a company and find out who its suppliers are and when regular payments are due. Impersonating a genuine supplier, they’ll request that you update the bank account details you have on file, so that you’re tricked into paying the fraudster rather than the actual supplier. Or they may send you a seemingly authentic invoice with a supplier’s details and logo but with their own account details.
How to avoid: if you’re asked to change payment details, call the business to validate the request using a number you know is theirs. A solid three-way matching process (cross-referencing invoice, purchase order, and order receipt) will help to mitigate the risk of fraud. Ensure your employees look carefully at invoices and check for irregularities.
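The three-way match can be expressed as a simple pre-payment check. The following is an added example, not part of the original article: it cross-references an invoice against the purchase order and the order receipt, and also holds any invoice whose bank details differ from the supplier record on file. All field names, SKUs, and account values are constructed for illustration.

```python
# Constructed records; a real system would load these from finance software.
PO = {"po_number": "PO-1001", "supplier_id": "SUP-7",
      "lines": {"PAPER-A4": (10, 450), "TONER-BK": (2, 3999)}}   # sku: (qty, pence)
RECEIPT = {"po_number": "PO-1001", "lines": {"PAPER-A4": 10, "TONER-BK": 2}}
BANK_ON_FILE = {"SUP-7": "00-00-01/10000001"}   # sort code/account held on record

GENUINE_INVOICE = {"po_number": "PO-1001", "supplier_id": "SUP-7",
                   "bank_account": "00-00-01/10000001",
                   "lines": {"PAPER-A4": (10, 450), "TONER-BK": (2, 3999)}}
# Same invoice, but with the payee account swapped, as in a mandate scam.
ALTERED_INVOICE = dict(GENUINE_INVOICE, bank_account="00-00-02/20000002")

def three_way_match(invoice, po, receipt, bank_on_file):
    """Return the reasons to hold payment; an empty list means everything matches."""
    holds = []
    if invoice["po_number"] != po["po_number"] or receipt["po_number"] != po["po_number"]:
        holds.append("po-number-mismatch")
    if invoice["supplier_id"] != po["supplier_id"]:
        holds.append("supplier-mismatch")
    # Changed payee details are never accepted from the invoice itself:
    # they are confirmed by calling the supplier on a number already known.
    if bank_on_file.get(invoice["supplier_id"]) != invoice["bank_account"]:
        holds.append("bank-details-changed")
    for sku, (qty, price) in invoice["lines"].items():
        if sku not in po["lines"]:
            holds.append(f"not-ordered:{sku}")
            continue
        po_qty, po_price = po["lines"][sku]
        if price != po_price:
            holds.append(f"price-mismatch:{sku}")
        if qty > min(po_qty, receipt["lines"].get(sku, 0)):
            holds.append(f"quantity-exceeds-ordered-or-received:{sku}")
    return holds

if __name__ == "__main__":
    for label, inv in [("genuine", GENUINE_INVOICE), ("altered", ALTERED_INVOICE)]:
        print(label, three_way_match(inv, PO, RECEIPT, BANK_ON_FILE) or "OK to pay")
```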
Tips to protect your company
Now you know some of the common scams to be on the lookout for, here are a few top tips to help you safeguard your business.
- Create a “human firewall” – Train your employees to recognise the signs of a cyber-attack and report anything suspicious to IT. You could try testing them and measuring the success of your training programmes with simulated phishing emails
- Take care with what you share publicly – For example, if you have information about your suppliers on your website, you may want to consider removing it to protect yourself against invoice fraud
- Equip yourself with the right technology – Some antivirus software packages have extra features to prevent scams and can warn people when a website seems risky. Make sure you keep your antivirus software, operating system, and browser up to date
- Have clear procedures for making payments, bringing on new suppliers, and amending their bank details – Make employees aware of these and don’t forget to regularly review your internal processes so that they’re fit for purpose
To find out more about how to improve your cyber resilience, check out our article, Cyber security tips for your small business.