Business fraud
Like all of us, the best way to prevent your business from becoming a victim of fraud is to arm yourself, and your employees, with the knowledge, training, and awareness to recognize the red flags of fraud. Scammers are experts too and know what buttons to push to trigger our emotions and make a connection, relying on the expectation that most of us will respond to threats with fear.
Help your business and staff to counter these assumptions by being skeptical when receiving emails, texts, mail or faxes, refuse to be victimized by extortion or threats to business and report the contact to police. A lack of education about fraud and of what to look out for provides an advantage to scammers and keeps them in business. Talk to and train employees about the techniques and share this knowledge among your industry.
Select a scam below to learn more.
CEO | Executive
CEO and executive fraud are about leveraging employee's trust and respect for authority in order to defraud the company.
Means of contact
Using spear phishing techniques, and spoofing email or text addresses, scammers pretend to be from legitimate sources and request that businesses or individuals send them money.
Tactics used
Read our Fraud Files article for a real-life example of this scam.
Means of contact
- Text
- Phone
- Fax
Using spear phishing techniques, and spoofing email or text addresses, scammers pretend to be from legitimate sources and request that businesses or individuals send them money.
Tactics used
- Leverage an existing relationship between the sender and receiver
- Use an email address that's close to what you'd expect
- Purchase of gift cards
- Large wire transfers
- Special requests from "head office"
- Payroll changes
Read our Fraud Files article for a real-life example of this scam.
Denial of Service (DoS)
A denial of service is a malicious attack that is meant to shut down an organization's service and data network.
Means of contact
The purpose of DoS attacks is to temporarily or indefinitely disrupt a company's service or the network. Flooding attacks are the most common and include flooding a website or network with traffic. The site becomes overloaded as a result and cannot respond, so it shuts down. Crash attacks are less common, but carry greater impact.
Tactics used
There are a number of signs of a DoS attack. These include a slow down of your network when opening files or accessing websites, an inability to access websites, retrieve data, or control processes.
What to look for
Read our article to learn more about ransomware and how to protect yourself.
Means of contact
- Text
- Internet
- Phone
The purpose of DoS attacks is to temporarily or indefinitely disrupt a company's service or the network. Flooding attacks are the most common and include flooding a website or network with traffic. The site becomes overloaded as a result and cannot respond, so it shuts down. Crash attacks are less common, but carry greater impact.
Tactics used
There are a number of signs of a DoS attack. These include a slow down of your network when opening files or accessing websites, an inability to access websites, retrieve data, or control processes.
What to look for
-
Do not click on links or call the number on urgent-looking pop-ups when you are online. Legitimate companies will not contact you with this kind of information.
-
Be careful if you download software from third party websites such as music, games, movies or adult sites, unless you have done your research on the company and can confirm they are legitimate.
-
Watch out for emails with spelling and formatting errors, and be wary of clicking on any attachments or links. They may contain viruses or spyware.
-
Make sure you have anti-virus software installed and keep your operating system up-to-date. Never give anyone remote access to your computer. If you are having problems with your system, bring it to a local technician.
Read our article to learn more about ransomware and how to protect yourself.
Directory
Many businesses advertise in annual directories as part of marketing their services to users along with industry peers.
Means of contact
Your business is contacted by a business directory supplier who implies that you've purchased a listing in the past, and they're calling for you to confirm your company contact and information. You confirm. This technique is called the "Assumed Sale." You will receive a second call "confirming" your purchase of a directory listing. Two weeks later, you receive an invoice.
Tactics used
When you call to dispute the charge you'll be told that they have a recording of you confirming the purchase and threatening to send your file to a collections agency. If it remains unpaid, you will begin to receive aggressive collection calls and this could affect your credit rating.
What to look for
Means of contact
- Phone
Your business is contacted by a business directory supplier who implies that you've purchased a listing in the past, and they're calling for you to confirm your company contact and information. You confirm. This technique is called the "Assumed Sale." You will receive a second call "confirming" your purchase of a directory listing. Two weeks later, you receive an invoice.
Tactics used
When you call to dispute the charge you'll be told that they have a recording of you confirming the purchase and threatening to send your file to a collections agency. If it remains unpaid, you will begin to receive aggressive collection calls and this could affect your credit rating.
What to look for
- Confirm the caller is who they say they are by requesting their contact information
- If they say they'll report you to the credit bureau, ask what credit bureaus they belong to, and call to confirm
False billing
Your business receives an unsolicited invoice for a service or product you did not request. This is another form of an assumptive sales technique used by scammers.
Means of contact
False billing scams are also based on the use of assumptive sales tactics, similar to those used in directory scams. For example you receive a call from a scammer posing as your regular office supply provider. They're calling to confirm your business address. Once you confirm the address, you receive supplies that you did not order along with an invoice.
Tactics used
Scammers use assumptive sales techniques to justify sending an order. They hope you won't bother to send it back and you'll simply accept the order. If you do receive unsolicited goods, send the company a registered letter requesting proof of the order. If there is no proof, notify the sender that you'll be keeping the supplies as a gift.
Means of contact
False billing scams are also based on the use of assumptive sales tactics, similar to those used in directory scams. For example you receive a call from a scammer posing as your regular office supply provider. They're calling to confirm your business address. Once you confirm the address, you receive supplies that you did not order along with an invoice.
Tactics used
Scammers use assumptive sales techniques to justify sending an order. They hope you won't bother to send it back and you'll simply accept the order. If you do receive unsolicited goods, send the company a registered letter requesting proof of the order. If there is no proof, notify the sender that you'll be keeping the supplies as a gift.
Grants and loans
Many small- and medium-sized businesses have access to grant and loan funding programs through both provincial and federal governments. However, there are sites that claim to be a government department assisting businesses with their financing needs.
Methods of contact
You are looking for grants or loans for your business and come upon a site that claims to be a government department who, for a fee, will grant you "special access" to the programs, and may even imply that funding is guaranteed. But of course, it isn't, and buying into this special access is a sure way to lose money.
Tactics used
Closely examine these websites and do your research before you subscribe, send funds, or provide account and credit card information. Instead, do a search and go directly to the government website.
Methods of contact
- Online
You are looking for grants or loans for your business and come upon a site that claims to be a government department who, for a fee, will grant you "special access" to the programs, and may even imply that funding is guaranteed. But of course, it isn't, and buying into this special access is a sure way to lose money.
Tactics used
- For a fee, the services offer financing and support for access to grant and loan funding
- Government departments do not charge fees for services, nor can they provide "special access" to programs
Closely examine these websites and do your research before you subscribe, send funds, or provide account and credit card information. Instead, do a search and go directly to the government website.
Foreign money offers
These are also referred to as inheritance scams and fake business proposals. Posing as a lawyer, the scammer sends you a request to transfer a large sum of money to a foreign account in another country.
Means of contact
Scammers will notify you that you need to pay fees so they can release the money you've inherited, you've paid up front for a business opportunity, or to support illegal activities in another country.
Tactics used
Means of contact
- Text
- Phone
- Fax
Scammers will notify you that you need to pay fees so they can release the money you've inherited, you've paid up front for a business opportunity, or to support illegal activities in another country.
Tactics used
- Appears to come from a lawyer or a legal organization
- Provides fraudulent letters of inheritance, fake business proposals, or other requests for funds
- Advises you that you need to pay fees before your money can be released
Franchise or business opportunity
Scammers offer business or franchise opportunities and promise big returns on your investment, but a down payment is required.
Tactics used
The opportunity requires high startup costs, or the product itself is expensive. Popular scams include investments, ATM machines, point of sale machines, cleaning equipment, etc. These often require large deposits upfront to purchase equipment.
Tactics used
Tactics used
- Internet
- Phone
The opportunity requires high startup costs, or the product itself is expensive. Popular scams include investments, ATM machines, point of sale machines, cleaning equipment, etc. These often require large deposits upfront to purchase equipment.
Tactics used
- Promises of high returns from this opportunity
- False endorsements from "successful" franchisees
Ransomware
According to the Government of Canada, ransomware attacks are the most common kind of cyber threat. During these attacks, scammers use malicious software to encrpt, steal, or delete a company's data and then demand a ransom for restoring access to the system.
Means of contact
Ransomware is a form of malware that denies access to the user until a ransom is paid. Scammers send urgent messages or program urgent looking pop-ups to set a trap and entice users to select a link, at which time malware can be downloaded without your knowledge. Scammers then threaten to destroy or release confidential information from your computer unless you pay them a ransom.
Tactics used
The impact of ransomware can be devastating to an orgnization. They can block access to vital data information and devices in some cases, leaving the orgnization (think hospitals) without being able to serve their clients (or patients).
Scammers have become emboldened by their success by first getting access to an organization's infrastructure system, then identifying the most critical systems that hold high-value data, personal information, or information that if leaked could cause reputational damage. Now knowing this information, the scammers can then deploy the ransomware and monitor the communications and recovery plan of the organization.
Means of contact
- Online
Ransomware is a form of malware that denies access to the user until a ransom is paid. Scammers send urgent messages or program urgent looking pop-ups to set a trap and entice users to select a link, at which time malware can be downloaded without your knowledge. Scammers then threaten to destroy or release confidential information from your computer unless you pay them a ransom.
Tactics used
- Sends urgent messages or program urgent looking pop-ups to set a trap and entice users to select a link, at which time malware can be downloaded without your knowledge.
- Threatens to destroy or release confidential information from your computer unless you pay them to access your system again.
The impact of ransomware can be devastating to an orgnization. They can block access to vital data information and devices in some cases, leaving the orgnization (think hospitals) without being able to serve their clients (or patients).
Scammers have become emboldened by their success by first getting access to an organization's infrastructure system, then identifying the most critical systems that hold high-value data, personal information, or information that if leaked could cause reputational damage. Now knowing this information, the scammers can then deploy the ransomware and monitor the communications and recovery plan of the organization.