The rapid advancement of technology has made our lives easier in countless ways. Unfortunately, with these advances has come an increase in cybercrime as online fraudsters adapt their strategies to reach new victims.
In the past, criminals used manual processes to scam victims by mailing letters, sending faxes, and making phone calls, but modern tech has put a new spin on old fraud schemes, and today’s fraudsters are using email, messaging platforms and social media to reach targets inexpensively and easily.
The tech savvy among us often think that we are safe from these types of crimes, believing that only the elderly or uneducated can fall victim. However, Ryan Mer, CEO of eftsure Africa, a Know Your Payee (KYP) platform provider, says it is a mistake to believe that becoming a victim of a scam is limited to a certain group of people. “Young, educated, well-informed people fall prey to scammers too,” he says. In fact, The Federal Trade Commission’s survey shows that 44 percent of people in their twenties are losing money to fraud, compared to 20 percent of people in their seventies.
This rise in online crime puts all businesses at risk and just one incident can result in the loss of millions of rands. One antidote to this criminal scourge is to ensure an organisation’s employees are security consciousness and aware of the many, and ever evolving, online threats.
Mer says there are many ways that employees are targeted. “By sharing too much information online, they could unwittingly be offering cybercriminals a wealth of information for use in any number of scams. In business email compromise (BEC) scams, perpetrators rely on social engineering tactics to talk their victims into divulging confidential information or performing an action like changing payment details or circumventing usual KYC processes. There are examples of HR departments being duped by scammers who cleverly divert salary payments.”
How can employees avoid being scammed?
The second half of 2021 saw a drastic increase in the number BEC attacks – an astounding 84 percent according to a report by US email security firm Abnormal Security. The Federal Bureau of Investigation says BEC losses have surpassed $43 billion globally this year.
According to Mer, a common modus operandi in these kinds of attacks goes something like this: An HR manager receives a cordial email from a member of staff, and everything looks in order, from the name and surname to the email address, including the standard email signature. The email instructs HR to change their banking details for payroll purposes and money is diverted to the fraudulent account.
One of the most beneficial things an employer can do to stop staff being scammed or impersonated is to educate them on prevention techniques. Mer shares some strategies for your business:
- Be aware of common BEC attack scenarios and train your employees to recognise these scams.
- Double-check the sender’s email address. The domain name will look credible but small details will be altered, for example one character will be different or an underscore will be used instead of a dash.
- Add multi-factor authentication to your email accounts. This requires multiple pieces of information to log in and makes it more difficult for a cybercriminal to gain access to employees’ emails and launch a BEC attack.
- Look out for tell-tale signs of a scammer, who, while impersonating a vendor, often rely on a false sense of urgency and a demand for secrecy.
- Think before you click. Err on the side of caution when you come across links in emails. Malware and phishing scams frequently rely on staff clicking malicious links.
- POPI Act awareness is crucial. Staff should be encouraged to safeguard not only their own information but customer details as well.
- Avoid posting too much information on LinkedIn or other social media platforms about specific processes and procedures in your company, such as job duties and descriptions, hierarchal information, or out-of-office details.
- Before sending money or data, request that the email sender goes through a real-time identity verification such as face-to-face authentication or a phone call using previously known numbers, not phone numbers provided in the email.
- Be aware of your customers’ and vendors’ usual behaviours. If there’s a sudden change in business practices, such as a business suddenly asking you to use their personal email address instead of their usual business address, think twice.
Sound business processes and educated staff, while essential, can only protect a business so far. Sophisticated BEC scams can defeat the internal controls of even the most vigilant teams. There are solutions available that can help prevent these BEC attacks by digitising and automating key checks and processes throughout the entire payment cycle, such as eftsure’s SaaS platform.
Mer explains: “eftsure identifies errors, fraud and scam attempts before funds can be released. Its KYP technology ensures that the verification of payees and eft payment data is done on a continuous basis, protecting companies from fraudulently changed or maliciously altered payee information.” Mer believes that well-informed staff, sound business processes and the right technology are at the frontline of fighting fraud and mitigating risk, and, when combined, can put up a formidable defence.