Protect yourself from scams
Scammers are still lurking for opportunities during these unprecedented times. Fraudsters are making even more sophisticated use of the security gaps of businesses. And this is not just about physical security or IT security against hackers, but about our gullibility combined with our lack of time. We see this happening quite a lot in practice and we help our clients to take measures such as recovering domain names.
At the beginning of this crisis period, our financial controller emailed me about a payment instruction I had given him. I hadn’t given him that instruction at all, but it was a convincing e-mail that someone else had sent in my name. This is a typical form of CEO fraud. The scammer finds out who in a company is authorized to give instructions for payments and sends an email on behalf of this person to someone in finance. Scammers do a pretty sophisticated job here, sometimes creating fake profiles on LinkedIn and getting involved in social engineering. Especially as many people work remotely, this fraud is on the rise. Wet signatures have been replaced by permission by e-mail in companies where full digital transformation has not yet been implemented. Fraudsters also know very well that instructions for payments below e.g. EUR 1,500 are often not checked very well.
Domain name registrations by third parties that contain the name of your company are often used as a prelude to, for example, the fraud I was just talking about. A customer expects to receive an offer or invoice by email from a company he knows, but it comes from an email address with a domain name that resembles that of the real company. Often the sender puts a link in his email signature to the website that belongs to that domain name, and that website hosts a copy of the real website. A recipient who was in doubt then concludes, after checking the website, that the received email must be genuine.
Scammers make use of the corona crisis here too. There are more domain name cases this first half year than in the same period last year, and corona-related domain names score well, such as <dettolhandsanitizer.com> and <facebookcovid19.com>.
We have drawn attention to this topic before. Scammers are also getting bolder when it comes to fake invoices. Where it used to be in the small print that it was a non-binding offer for an advertisement in an obscure business directory or the renewal of a trade mark registration for too much money, nowadays the letterhead is literally copied. Last week, one of our clients received an invoice from the World Intellectual Property Organization (WIPO) in Geneva, the body that deals with international trademark registrations. Our client, who is really used to the phenomenon of fake invoices, was initially in doubt and so was I. Then I noticed that the bank account was Lithuanian (which is odd for WIPO) and had a slightly different name for the bank account.
A couple of simple take-aways:
- Stay alert when receiving payment requests, even if it is for smaller amounts;
- Is this the kind of language you expect from the sender?
- Take a good look at the domain name in the e-mail address. Any errors?
- Contact the sender, not by a reply, but by sending an email to the address from your own address book.
- If in doubt, feel free to contact us. We love making this world a safer place to do business.