Most people can usually spot phishing emails that include misspellings and strange attachments. But there are many more subtle–and more dangerous–fraud schemes to be aware of.
For small business owners, becoming a victim of fraud can have immediate and long-term financial and security impacts. The good news is with the right information, you can spot the most common types of fraud and help prevent your business from falling prey to them.
Following are three of the most common types of fraud that impact businesses.
BEC fraud is a type of phishing attack in which a fraudster attempts to impersonate a known contact, such as a high-level executive or trusted colleague, and trick a recipient into transferring funds into a fraudulent account. BEC fraud doesn’t usually rely on links or attachments, and that makes it harder to spot than the average phishing email. These emails rely on having enough personal information to accurately impersonate someone you know.
OOO fraud is a similar scheme where fraudsters take advantage of the information provided in an OOO email. While out-of-office messages are a courteous way to let others know that you won’t be working, you could be giving away valuable information to potential fraudsters. The standard OOO message includes the contact’s full name, office address, phone number, job title, and line of work. In the hands of a fraudster, this information can be used to impersonate you to get information or money from an unsuspecting colleague.
Insider fraud is carried out by a current or former employee, contractor, or business partner who takes advantage of the data or processes they had access to in order to complete their job.
Ultimately, the best way of preventing the three most common types of fraud is to keep private or sensitive information out of the public eye. By committing to a few simple, proven tactics, you can help prevent fraudulent activity from occurring in the workplace.
Remember to keep the personal information in your emails vague–especially in OOO messages. When setting an OOO message or sending an email that could reach recipients you may not know, avoid providing unnecessary contact information or sensitive details about your business. Ask yourself: “Would I share this information with a stranger?” If not, best not to include that information in your email.
Similarly, be aware of what you’re posting on social media and who has access to your profile. Sharing lots of private details on a public account can increase the risk of a fraudster impersonating you.
Finally, you should always be cautious when answering unsolicited phone calls or emails. What’s more, make sure to verify that a request for money or data is legitimate by calling a known and verified number for confirmation. Rule-of-thumb: never offer up personal or financial information to an unsolicited caller.
You can help prevent insider fraud at your business by implementing a strong system of clearly documented internal fraud controls, including policies for physical and digital data, assets, and communication. Be sure your employees have access to and are trained on those policies. Foster a company culture that promotes accountability, honesty, and transparency. The more your employees understand security best practices, the better prepared they’ll be for handling data or information correctly. And, the more they’ll understand how serious a purposeful breach of those policies is.
Learn more about how Clover helps protect your business from fraud.
This story was originally published on SPARK, a blog designed for you and your people by ADP®.