1. Train your staff
All staff involved in the business?s financial activities must be taught about fraud schemes:
Senior executive impersonation scam
After hacking into a senior executive?s email account, a scammer contacts an employee who is authorized to make international wire transfers for the business. Using the executive?s email address, the scammer asks the employee to transfer money to a foreign account for an emergency or an important acquisition. There are usually a number of emails back and forth, but the hacker demands that the employee keep everything under wraps.
Service provider impersonation scam
A scam artist hacks into the email account of one of your service providers and asks that payments be sent to another bank account. The legitimate provider therefore never receives your payments.
A new client sends you a cheque for more than the amount owed for goods or services, then asks to be reimbursed for the overage. You later learn the cheque was fraudulent, so the crook makes off with the goods or services and the amount you reimbursed.
Your staff must also receive training on fraud prevention procedures.
2. Institute a strict procedure for wire transfers
Your wire transfer procedure should be spelled out in writing and known only to staff who complete transfers.
Identify which staff members are authorized to carry out wire transfers.
- Establish a process for confirming wire transfer requests.
- Determine the maximum amount each staff member may transfer.
- Require supervisor authorization for transfers exceeding the authorized limit.
Systematically verify officer requests not made in accordance with the procedure directly with the officer using another means of communication, especially when strict confidentiality is required.
Regularly verify that the staff in question understands the procedure and that they are following it.
3. Do business securely with your service providers and clients
Be especially wary of bank information change requests from service providers as well as overpayments.
Verify all changes to service provider bank information by contacting the provider at the phone number on file.
Request payment in the exact amount owed; ask that a new cheque in the right amount be cut if you receive an overpayment. If possible, wait for exact payment before delivering your product or rendering services.
If there really is an emergency, verify the cheque with your financial institution.
4. Determine what information to share about your business and employees
Scam artists use all the information they can find about businesses on public websites and even your own to make their scams as plausible as possible.
Limit the amount of information on social media and your website that could jeopardize the privacy of your business and employees and the confidentiality of your procedures. Employee titles, roles and responsibilities, as well as along with their names and contact information, can be used to lend legitimacy to a scam.
5. Recognize phishing emails
Scammers often make their emails look like they came from a real financial institution. Here are some signs an email may be fake:
- You?re asked to do something quickly due to an emergency.
- You?re told there?s a problem with your account.
- You?re led to believe you?ve won a prize or are entitled to something.
If you recognize any of these signs, don?t click on any links or open any attachments and delete the email immediately. Verify the authenticity of suspicious emails with the financial institution using official contact information listed elsewhere (not in the email).
6. Secure your computers and mobile devices
Using security software for computers and mobile devices can reduce the risk of viruses and malware. Make sure to update them regularly as you do your operating systems and all other software and apps you use.
Do you think your business has fallen victim to fraud?
Contact your financial institution and the police immediately.
Report all fraud to the Canadian Anti-Fraud Centre at www.antifraudcentre-centreantifraude.ca