July 12, 2018
What can be done to prevent your organisation falling victim to scams? Here are 6 common scams in the workplace and how you can spot them.
1) CEO Spoofing
In September 2016, a man in Kansas sent county employees a spoof email that appeared to come from the CEO of a construction company and requested a payment. As a result, the scammer wrongfully received USD 566,000. This is a perfect example of CEO spoofing, where the perpetrator claims to be a CEO and makes an urgent payment request outside of normal procedures.
The best way to spot a scam like this is to note how the email was written. Fraudulent emails like these almost always include an uncommon payment request. Be sure to double-check invoice details and have a payments process in place to check for discrepancies.
2) Email Scams
In 2016, businesses in Singapore lost around SGD 19 million after falling for email scams in which perpetrators used seemingly genuine email accounts to ask victims for money. In a case in America, a county school district employee received an email purporting to be from the superintendent and asking for the financial information of almost 8,000 employees, which was provided to the scammers.
Employees should beware of unsolicited emails that require clicking unknown links. Read emails like these thoroughly and look for grammar mistakes as well as inconsistencies.
3) Invoice Scams
In the case of an invoice scam, fraudsters research a company to learn which suppliers are used and when regular payments are due, in order to divert the payment to themselves. In 2016, Mattel fell victim to this when a finance executive unknowingly transferred close to USD 3 million to fraudsters.
The easiest way to spot an invoice scam is to watch for small discrepancies in invoices, such as a different address. Another good step to take is to implement a standard accounts payable process so all invoices are validated before a mistake can be made.
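The validation step described above can be automated as a comparison of each incoming invoice against the supplier details already on file. The following is an added example, not part of the original article; the vendor record, field names and invoices are constructed for illustration.

```python
import re

# Constructed vendor master record (hypothetical data, not from the article).
VENDOR_MASTER = {
    "V-1001": {
        "name": "Acme Building Supplies Pte Ltd",
        "address": "12 Harbour Road, #04-01, Singapore 098765",
        "bank_account": "001-234567-8",
        "email_domain": "acme-supplies.example",
    }
}
CHECKED_FIELDS = ("name", "address", "bank_account")

def _norm(value):
    """Lower-case and collapse punctuation so cosmetic differences raise no alert."""
    return re.sub(r"[^a-z0-9]+", " ", (value or "").lower()).strip()

def validate_invoice(invoice, master=VENDOR_MASTER):
    """Return a list of discrepancies; an empty list means the invoice matches."""
    record = master.get(invoice.get("vendor_id"))
    if record is None:
        return ["unknown vendor_id: hold payment until the supplier is verified"]
    findings = []
    for field in CHECKED_FIELDS:
        if _norm(invoice.get(field)) != _norm(record[field]):
            findings.append(f"{field} differs from vendor master: {invoice.get(field)!r}")
    # Compare the sender's domain exactly: look-alike domains differ by a character.
    sender_domain = (invoice.get("sender_email") or "").rpartition("@")[2].lower()
    if sender_domain != record["email_domain"]:
        findings.append(f"sender domain {sender_domain!r} is not the supplier's known domain")
    return findings

# Constructed invoices: one genuine (formatting differs only), one with altered details.
GENUINE = {"vendor_id": "V-1001", "name": "ACME Building Supplies Pte Ltd",
           "address": "12 HARBOUR ROAD #04-01 SINGAPORE 098765",
           "bank_account": "001-234567-8",
           "sender_email": "billing@acme-supplies.example"}
SUSPICIOUS = dict(GENUINE, address="12 Harbour Road, #04-10, Singapore 098765",
                  bank_account="009-876543-2",
                  sender_email="billing@acme-suppliess.example")

if __name__ == "__main__":
    for label, inv in (("genuine", GENUINE), ("suspicious", SUSPICIOUS)):
        print(label, validate_invoice(inv) or "OK to pay")
```

Any finding should route the invoice to a call-back on a phone number already on file for the supplier, not one taken from the invoice or the email.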
4) Text Messages
Also known as smishing or SMSishing, text scams are messages that mimic an official text message from a trusted organisation. They usually notify the recipient of account fraud or a personal issue, such as being locked out of their account, which leads to the recipient keying in private information.
The best way to tell whether a text message you’ve received is a scam is to take note of the context of the message. If it asks for personal details, there is a high chance that it is a scam.
5) Internet Scams
This is a type of scam most Internet users today have been exposed to: the fake pop-up. The pop-up sends a ‘scam’ alert message, urging you to click on a link which will then send you to a fake website requesting your personal information, or enabling malware to be downloaded.
Always be cautious when prompted to click through to another website from a pop-up. Verify the legitimacy of the website and links before proceeding.
6) Phone Scams
Though most of these scams are aided by the internet, phone scams, called ‘vishing’, are still popular too, especially in Singapore. In these cases, a fraudster calls claiming to be from a trusted organisation. Fraudsters might even research basic bank details and personal information to seem more credible.
If a caller requests your personal details over the phone, such as PIN numbers or banking passwords, this should be an immediate red flag. Call the bank’s general hotline and verify with them that the phone call you received is legitimate before handing over any private information.
Protect your workplace by encouraging employees to always be on the look-out for potential scams and providing ongoing security training. Learn areas of risk in your workplace and improve your information security best practices.