How Business Owners Can Protect Themselves from Online Scammers
Some unpleasant individuals try to take even more advantage of others in uncertain times. They try to sow confusion, prey on somebody’s good nature, deceive and deprive people of their hard-won earnings. Little surprise, therefore, that scamming has become so widespread across Australia as the perpetrators become ever more sophisticated. How much of a problem has scamming become, and how can business owners protect themselves online?
According to recent data from the Banking & Payments Federation of Ireland (BPFI), Irish companies suffered a loss of €8 million in 2022 as a result of a blend of invoice fraud and chief executive impersonation fraud. In Visa’s recent research they discovered that nearly one third (30%) of Irish consumers have also experienced online fraud.
What can be done to avoid joining the list of statistics and to protect against scams? Undoubtedly, the first line of defence is awareness.
Typical Scamming Methods
Scams can come in all forms, and it can be difficult to keep up with the level of sophistication. Still, some will be opportunistic and try to 'confuse' an organisation by emailing a false invoice. In this case, they’ll typically target the larger companies that receive many bills each month, and the invoice will relate to some apparent service or product that may be difficult to trace. They may even create invoices that appear to be from a legitimate supplier but will have different payment details.
Some scammers may attempt to pose as a supplier. They will send a direct email or even call to remind the business owner that they are running short of a commodity and should reorder right away. If they agree, they may receive a heavily overpriced order. When the recipient baulks, they may harass for non-payment.
Another victim may receive an unusual email or text message that seems legitimate but requires them to take urgent action. They may need to click on a link to take the next step, but this will download malware to the device as soon as they do so. From there, the perpetrator can steal passwords, delete files or even install ransomware. If there are any weak passwords within the system, they may be able to crack those, access financial accounts and syphon money.
These are just a few hacking techniques scammers use, and it’s essential to be aware at all times.
- It’s important to talk to others as well to gather more intelligence and find out how they may have been targeted. Many people who have been victimised feel embarrassed or ashamed and do not want to talk about it — but colleagues, friends, and family should open up, and this will help everyone going forward.
- It’s also crucial to be very careful with personal information, as this represents the 'holy grail' for the scammer. After all, snippets of personal data are used to verify accounts, open access to sensitive data and even apply for loans. This type of information should never be supplied unless the requester’s identity is clear. Be sure to verify the purpose and be ready to take additional steps if there is any doubt. All legitimate organisations will have a process in place to do so.
- As mentioned, some scammers will send a seemingly urgent text or email that requires the recipient to click on a link and provide personal information — threatening account deactivation for some clever reason, for example. Messages like this are illegitimate. The recipient should get in touch directly with the apparent organisation through a verified URL.
- Social media is an integral part of business life, but it can also be a great place for scammers. People should be cautious about how much information they share, knowingly or accidentally. Snippets of data here and there can be pieced together to set up an identity theft scam.
- Remember, always make passwords as strong as possible. Hackers can crack a password with a purely numerical number or with only lowercase letters in just a matter of seconds. Alternatively, it would take the same machine as long as five years to crack a 10-character password that had numbers, uppercase and lowercase letters and symbols.
- To counter those opportunists who aim to confuse, have robust accounting and management practices in place. Never pay an invoice without crosschecking it against known records, and always have a purchase order process in place. Also, ensure that multifactor authentication is set up where appropriate. This means that an account cannot be accessed unless a distinct process has been followed — for example, a password and a separate SMS message to a phone.
Remember, awareness is key, and it’s essential to have processes in place to counter even the most sophisticated scammer.