Many businesses have had to adapt to new working practices because of the coronavirus (COVID-19) situation. This has often meant an increase in emails and more frequent calls with suppliers, customers, banks and other organisations.
Scammers have been taking advantage of this. Cases are on the increase where fraudsters are calling businesses pretending to be from their phone or internet provider, their bank or even a retailer. They’ll ask for payments, or for staff to download software that then gives them control of that staff member’s device. Some have even taken control of genuine email addresses and used them to request payments, making it more difficult to spot the signs of a scam.
With this in mind, it’s now even more important to have strong, clear processes in place for keeping data safe.
Can you spot a scam?
Even if you know all the hallmarks and what to look out for, with ever-more sophisticated ways to access your data, scams are getting harder to spot. If a fraudster called or emailed you or a member of staff pretending to be a known supplier, would you know it was a scam?
They might even contact a staff member pretending to be you. For example, how can you tell if this email’s genuine?
Put checks and processes in place
To help you and your staff spot fraudulent attempts, here are some tips on the checks and processes you should have in place. Remember – it’s good to have a healthy level of suspicion.
- If you get an email out of the blue that asks you to click on a link or attachment, don’t do it – even if the sender seems familiar – and even if it appears to be coming from a known email address. Instead, contact the apparent sender using different details that you already know and trust to verify the request.
- When someone calls unexpectedly, don’t give them any information like personal details, bank details or pins.
- Never download any software onto your device if you’re asked to – fraudsters can use this to access your personal information, even your bank account. Instead, call them back on a known number to check they’re genuine.
- You can also search for a number to see if a listed number you’ve been asked to call is genuine. Have a payment-checking process in place. For example, if you receive a request to update the bank details you have on file or get new bank details for a payment, confirm this by calling that person or organisation using details you already have, and not those provided in the request. You should also do this with requests from anyone within your own organisation.
- Have security policies in place, such as having strong passwords, using an encrypted VPN (virtual private network) when working from home, and using an extra layer of authentication for email and payment processes (such as a unique code texted to your mobile) – and test these processes often.
- Make sure you and all your staff, regardless of their role, are made aware of the checks and processes regularly.