As you all know, fraudsters are becoming more and more sophisticated. Fraud is no longer perpetrated just by the King of Nigeria and the guy with 5 computers in Mom’s basement drinking 84-ounce Cokes and wearing a “Defy Authority” t-shirt. It has become a sophisticated business, often run by an organized network of increasingly devious hackers.
Even prudent business owners who try to do all the right things (proper segregation of duties, Positive Pay and other protective programs with banks, dual signatures on checks, dual authorization of ACH payments, etc.) can be taken in by the recent scams.
You have already heard from us repeatedly about the IRS telephone and email scam. NEVER give any information to anyone calling who claims to be from the IRS – they are not. The IRS never calls or e-mails taxpayers to verify financial or personal information. Instead, expect to receive a letter through the regular mail. In addition, taxpayers should remember that IRS.gov is the official IRS website. Always look for a URL ending with “.gov” — not “.com,” “.org,” “.net” or other nongovernmental URLs.
There are numerous “infiltration” frauds that have been uncovered recently. These can involve malware invited into your company’s network in a variety of ways. Per Wikipedia, “Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software.” These frauds include:
– e-mail impersonation
– invading computers and stealing banking and credit card information for resale
– fooling your network into thinking it is dealing with a financial institution when it is instead someone pretending to be your financial institution (potentially leading to making a large wire transfer you think went to a vendor but was routed through a dozen banks and is now out of reach in a foreign country)
– freezing your network then demanding a pay-off to “release” it back to you
It is important to note that many of these can be perpetrated by taking advantage of an unsuspecting non-executive staff member who thinks they are helping the company. By the time these thefts are discovered, recovery may be impossible.
Our goal is not to attempt to explain all the scams that are currently being used. It is to again remind you to be extremely vigilant, to be skeptical of email or other requests that seem unusual, and to constantly remind your employees to verify, be cautious and always keep their radar up. Never release information based on an email request, a phone call from a representative of a company you do not know, or a “help desk” that initiates contact with you and proactively offers to solve a problem.
Finally, work with your IT department or provider to be sure all reasonably possible network security measures are in place. This includes firewall protection, anti-virus software and scores of other preventive measures.
In the end, the best defense may be trusting your gut instincts.