Is it real or fraud? Legal or Illegal?
In simpler times, securing your business meant locking the safe and setting the alarm system before you left for the day. These days your entrepreneurial empire can be brought to its knees just by something so unassuming as an employee not practicing safe Wi-Fi. Yes, that’s a thing. Fraud and scams abound.
Nowadays, technology reigns supreme offering us certain advantages, but also paving the way for numerous new and unimaginable threats to your precious private information and hard-earned bank account balance. Cybercrime is made even more terrifying by the fact that so little is understood by the average person as to how they unwittingly put themselves in harm’s way. Public Wi-Fi seems like a positive perk available in airports, coffee shops, all the so-called “normal” places, but, in reality, an unknown connection like that is notoriously insecure and easy to hack. You could unknowingly be sending all your private data to the wrong person!
As a business owner, you can take the necessary precautions and ensure that passwords are complex and changed frequently. You can make sure your staff knows the cyber-safety policies you’ve established to protect your company from scammers and fraud artists, but you can’t be with each employee every minute of the day. At Preferred Client Services, we are a professional team of bookkeeping experts, so we know how important your financials are to you personally and professionally.
Awareness is the key preventative measure that will protect you or your staff members from becoming a victim.
Courtesy of the Canadian Anti-fraud Centre, this sampling of the most common types of online scams currently wreaking havoc on businesses will help you put the necessary precautionary processes in place in your office.
There are two popular types of wire fraud. The Business Executive Scam, also known as the Business Email Compromise would target an employee authorized to make wire transfers who would typically receive an email, supposedly from one of the company’s executives. Perhaps the CEO or CFO’s email address will have been mimicked, but, frequently, the executive’s actual email will have been compromised making the fraud even more difficult to detect. The email will outline a situation in which an outstanding payment needs to be made immediately while offering a plausible excuse as to why the executive cannot complete the task personally. The supposed executive provides a name and a bank account where the funds must be sent. Losses typically exceed $100,000.00.
False Payment Scams
The Supplier Swindle works potentially on businesses with already existing relationships and accounts with wholesale suppliers or contractors. The culprit, pretending to be a representative of one of these companies, will send a spoofed email complete with new banking details and instructions that there’s been a change in arrangements and all future payments be made to this new account.
The Sale of Merchandise and Services Scam involves any kind of merchandise or service being sold online usually through business websites and classified ads. The scammer purchases the product or service making payment to the seller’s account using compromised credit cards or fraudulent financial instruments. Currently, there are two examples in this category.
Card Not Present fraud involves the unauthorized and/or fraudulent gathering, trade and use of payment data such as card numbers, expiry dates, and passwords. By definition, the merchant doesn’t visually see the card or the cardholder before the transaction takes place. The offender places an order for a product or service by phone, email, fax, or through the vendor’s website, intending to make the payment using a stolen or compromised payment card. The unsuspecting seller processes the payment using that unauthorized information. By the time, the scam is discovered, usually, when the true cardholder disputes the charge, the product or service has already been provided and the unfortunate seller is now responsible for the reimbursement, taking not just one but two financial hits.
The Canadian Anti-fraud Centre confirms that the travel industry, in particular, has been brutalized by this specialized version of CNP. Scammers will use stolen credit cards to purchase tickets for travel or even entertainment from targeted merchants. Then they resell the tickets for a cheaper price on classified ad sites or social media. In these cases, both the original merchant and the unwitting ticket purchaser are victimized because, once fraud is confirmed, the merchant cancels the ticket.
In the Purchase-order Scam variation, the fraud artist will pose as a representative of a legitimate organization such as a hospital or university and set up accounts with a supplier to acquire products. Fake purchase orders are produced and sent which, of course, will never be paid, but this is discovered long after the transaction goes through.
Phishing, Ransomware, and Other Extortion Scams
Spear Phishing is another term of the times describing a nefarious set-up of an individual or a business. Quite similar to the wire fraud scenario, typically, a person within the company receives a fraudulent request that appears to come from a known sender such as a boss, co-worker or client. In this case, the difference is that the email asks them to buy prepaid gift cards from iTunes, Google, or Amazon, for example, and email the prepaid card numbers back to the sender. In other instances, the perpetrators may request them to send money via e-transfer.
Ransomware, the most common type of extortion scam targeting businesses using malicious software that will block access to a computer until a sum of money is paid. Often, a computer is infected when a victim clicks on a link or attachment received through a phishing email. Once infected, the computer will show a “ransom” note designed to extort the victim into paying the sum demanded.
According to CAFC, the Hydro Extortion Scam is almost identical to the infamous Canada Revenue Agency one, only in this scenario, the caller claims to be from the provincial hydro utility threatening to cut off power if an unpaid bill isn’t immediately settled.
Email extortion campaigns involve businesses receiving emails from alleged hacking groups. The email will claim they’ve been hired to “DDoS” the business website, or, in other words, perform a distributed denial-of-service attack on the site. Usually, they’ll demand payment from the business in the form of virtual currency to avoid the attack.
In a Directory Scam, the culprit will call a business asking to confirm its address, telephone number, and other pertinent details. The business then receives an invoice for a directory, publication or listing it never ordered or authorized. Often, the accounting department will make the payment, not realizing the company never made the order. The fraudster typically records the initial conversation so they can use it against the company as verification of the purchase.
Just as everything electronic rapidly evolves, new applications and software seemingly appearing every day, so do the many ways to use technology for illegal gain. To protect your assets and information, you must constantly remain vigilant for anything unusual occurring online or over the phone, while ensuring that your employees do the same. Not only do you need to guard against these newer scams and forms of fraud, you still need to be on guard against Employee or Accounting Fraud, Vendor Fraud, Payroll Fraud and, Data Theft that can be perpetuated from inside your company.
Employee/ Accounting Fraud
Employee Fraud or Asset Misappropriation can be done in many ways. These types of fraud can include anything from various types of Cheque Fraud to Inventory or Cash Theft to Expense Reimbursement Fraud or Fraud involving WCB or Health Insurance. One of the biggest issues right now is the use of company vehicles for personal trips. Each year we see multiple companies attempting to track down how much one of these types of fraud has cost them and the CRA has been auditing mileage & automobile expense accounts for the last couple of years. To prevent these activities be careful who you hire. Do your background checks. Make sure you have processes and procedures in place to check people’s work. Make sure that your books get reviewed by an external bookkeeper or accountant.
Vendor fraud also covers a lot of ground. Billing schemes occur when a bill is generated by an employee for products or services that were not provided. Bribery and kickbacks can be paid to your employees to encourage them to choose certain vendors. Overbilling or price-fixing can also cost your company money. To protect yourself, make sure that the person who issues the cheque is different from the person who signs it and make sure that a copy of the bill is with each cheque. Conduct random audits of vendor files, verifying their billing but also their company information.
Payroll Fraud is the theft of company assets via the company’s payroll system. It is the most common type of fraud and tends to occur over the longest period before being caught. This type of fraud can include ghost employees, where a fake employee is set up, Advance fraud, Timesheet fraud, and Paycheque theft. The fastest way to detect payroll fraud is to reconcile balance sheets and payroll accounts each quarter. Make sure that the timesheets are approved by managers and have payroll accounts audited by outside bookkeepers or accountants regularly.
Data Theft can be expensive, especially if your company relies on intellectual property for its products or services. This type of theft compromises all aspects of a business putting a company in a precarious position. The theft of trade secrets to sell to competitors undermines the exclusivity of a product or service. Theft of customer lists makes it easier for competitors to target clients and offer them “deals” to change providers. With the use of computers and the Internet, Personal Identity Theft or Personal Information Theft has become a huge issue for many companies, not just small ones. Any company that keeps financial information about clients or employees faces the danger of having it stolen. Protect your company by restricting access to proprietary information and personal information on clients or other employees. Dispose of personal information safely, make sure paper documents are shredded and electronic records are removed before reusing USBs or external hard drives. Make sure that any security program that is used to protect the information, sends warnings to management if someone tries to access it.
In 2018 alone, the Canadian Anti-Fraud Centre received 2,263 reports of business fraud totaling a loss of $17,501,617. Shockingly, it’s speculated that still, many more organizations are not reporting their experiences for a variety of reasons including concerns for their brand and reputation, but, quite possibly, because they simply don’t have a proper business process and plan in place.
By no means is this a complete list of the types of fraud and scams that are out there being perpetrated on unsuspecting business owners. The biggest thing to remember is oversight and review. Preferred Client Services would be happy to help you with regular or periodic reviews of your files to protect your company. Call us at 780-439-9457 to set up an appointment today.