How to Protect Your Business from Phishing Scams

Cyber security has been a hot topic since the recent Equifax data breach, which compromised up to 143 million people’s names, social security numbers, birth dates, addresses and, in some instances, driver’s license and credit card numbers.

Though consumers were not able to protect themselves from the Equifax breach, you can protect yourself and your place of business from phishing scams and inadvertent malware downloads by educating employees about various schemes that may appear in their email inboxes.

Reportedly, hackers send 156 million phishing emails a day. Phishing is the process by which online scammers try to obtain usernames, passwords, credit card numbers, and other sensitive data by posing as a trustworthy source.

“Trusted” Websites

Phishing scammers may send a fraudulent email with a link to a fake website imitating a credit card company, bank, PayPal, Google, Amazon, etc. Many phishing emails have obvious errors in grammar and graphics, but some email scams are becoming more refined.

Recently, a sophisticated scam involved a fake email supposedly sent by PayPal. It was convincingly written, with graphics realistic enough to appear authentic. Unsuspecting recipients were directed to a fake PayPal page and asked to enter personal information, including a social security number.

A red flag for most of these scams is that they often require “urgent” action to “protect your account” and will redirect to a URL unrelated to an actual “trusted site.”
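The two red flags above (urgent wording, and a link whose destination is unrelated to the brand the email claims to come from) can be checked mechanically by a mail filter or a reporting tool. The Python code below is an added example, not part of the original article; the brand allow-list, the phrase list and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list (illustrative): brand name -> domains that brand really uses.
TRUSTED = {"paypal": {"paypal.com"}, "adp": {"adp.com"}}
# Assumed pressure phrases, taken from the red flags named in the article.
URGENT = re.compile(r"\b(urgent|immediately|protect your account|reverify)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def belongs_to(host, domain):
    # Exact match or a true subdomain; "paypal.com.evil.example" must not pass.
    return host == domain or host.endswith("." + domain)

def red_flags(sender_name, subject, html_body):
    """Return a list of red-flag strings for one message (empty list = none found)."""
    flags = []
    text = re.sub(r"<[^>]+>", " ", html_body)
    if URGENT.search(subject) or URGENT.search(text):
        flags.append("urgent-language")
    claimed = f"{sender_name} {subject} {text}".lower()
    brands = [b for b in TRUSTED if b in claimed]  # naive substring match
    parser = LinkCollector()
    parser.feed(html_body)
    for href, _label in parser.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # skip mailto:, tel:, relative links
        host = (parts.hostname or "").lower()
        for brand in brands:
            if not any(belongs_to(host, d) for d in TRUSTED[brand]):
                flags.append(f"link-not-{brand}:{host}")
    return flags

# Constructed sample: the visible link text says PayPal, the destination does not.
SAMPLE = ('<p>Urgent: protect your account now.</p>'
          '<a href="http://paypal.com.account-check.example/login">www.paypal.com</a>')
```

Calling `red_flags("PayPal Support", "Action needed", SAMPLE)` reports both the urgent wording and the mismatched link host; a message whose links stay on the brand's own domain returns an empty list.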

Another recent scam involves a fake email supposedly from ADP about “the status of your paycheck.” The subject line includes a fake paycheck number to make the email seem more credible.

Another ploy involves your (fake) email provider asking you to “reverify” your login and password. Scammers can then take over your email account and send fraudulent emails to your contacts.

When in doubt, don’t click and don’t enter your login and password. Verify the email’s claims independently by calling the company or by entering the company’s valid URL in your browser to check the status of your account.

“You’ve Been Hacked”

Phishing scammers may also send an email from a “trusted site” telling you that you may have been hacked, and then provide a link to a fake site in order to steal your login credentials.

A common “tech support scam” involves emails purporting to be from Microsoft or Apple saying you’ve been hacked.

Clicking on an attachment could cause you to install a virus or malware program that gives scammers full control of your device. It’s important to never click on an attachment in an email from an untrusted/unverified site.

Beware of the website popup that says you’ve been infected with a virus and asks you to download a virus check.

Never download free antivirus software from an unknown source. This could allow scammers to install a ransomware program and demand a sum of money for you to regain access.

Money Transfers

Scammers often pose as a friend or relative via email or Facebook in order to request money or get you to click on undesirable links. Other scams may claim that you have won a sweepstakes or the lottery.

While it may seem obvious, many folks need to be reminded to be more suspicious of these types of emails. A surprising number of people have been susceptible to the ongoing Nigerian Prince scams, and the FBI reports annual losses of millions of dollars.

Recipients are told they will receive a large sum of money and are asked to provide their bank account number, social security number, birth date, or other sensitive information.

“Your Verification Code Please”

Scammers can make your caller ID appear as if a call/text is coming from your bank, Amazon, the IRS or other trusted sources.

First, hackers steal your credentials and log into one of your accounts. Then they call or text you asking for the verification code that appears on your phone.

It’s important to generate unique, strong passwords for your payment accounts such as your credit card, phone, and bank.

Another Kind of Fraud

While it’s important to educate your employees about phishing scams that may affect your business, it’s also important to protect your business from internal fraud. Like phishing scammers who often pose as trusted family or friends, an internal fraud perpetrator is often posing as a trusted employee.

Best practices and fraud-prevention tips for a business are as follows:

  • Separate duties in a small office (AP, AR, GL) and routinely change passwords
  • All bank correspondence/financial envelopes should go to the CEO, not bookkeeping
  • Lock up your checkbook and always review bank statements/checks paid
  • Monitor hours reported to payroll (and review paid time off)
  • Consider changing or alternating the credit cards that your company uses and review card statements monthly

For fraud prevention, it’s also very important to have accounting software that provides audit trails that cannot be deleted, as well as data backup where no one can get in and delete files.

We hope you found these tips helpful. Learn more about Passport Software’s accounting software with excellent audit trails.

Grant Esser
