September 17, 2024
Businesses are just as likely to fall victim to scams as consumers. CERT NZ’s 2023 annual summary showed that the amount businesses and organisations reportedly lost to scams and fraud nearly doubled – rising from $956k in 2022 to $1.9m in 2023.
If you are a business owner, these scams could directly affect your income. If you’re an employee, the last thing you want to do is expose your employer to a scam. So what are common scams you need to be aware of and avoid?
Phishing
Phishing is a term used to describe the illegal practice of using email to obtain access to sensitive data such as passwords, bank account numbers, or credit card numbers. This is probably the most common way scammers target businesses. These emails may come from an unknown email address or mimic the email domain of a business simply by changing one letter. Sometimes, they are even disguised as if they were sent from a senior person within your own organisation.
Scammers use techniques such as malicious links (often to something that seems innocuous, such as a survey) to obtain access to data. Another example is the fake invoice scam, which urges the receiver to pay for overdue goods or services that the business never received. Scammers may also impersonate one of your regular suppliers and ask for payments to be directed to a new bank account.
A fake "password expired" email might lure individuals into entering their current password on a fraudulent website, providing scammers access to sensitive company information. Some businesses have been duped by emails from scammers pretending to be employees requesting their salaries be paid into a different account.
Fake emails made to appear as if they have been sent by a manager within your organisation are also common. Sometimes they urge the employee to make a payment to a new supplier, directing the funds to an account the scammer can access. But there are many creative ways they can defraud organisations.
The not-for-profit organisation Frances* works for lost $2000 last year to a phishing email scam involving iTunes gift cards. The email, set up to look as though it came from the organisation’s CEO, was sent to all staff members. It claimed the CEO was busy in meetings all day and needed the staff member to buy $1,000 of iTunes cards for him. Most of the staff realised it was a scam but a couple of new team members thought it was genuine and bought the cards, replying to the email to say they had completed the task. The scammer then sent a second email asking the team members to send him the 16-digit code from the gift cards. Once the scammer had that information, they were able to redeem the value of the gift cards. Frances says the fact the scam email was sent on a day most of the team was working from home made it easier for the scam to be successful as it limited the opportunity for staff to realise they hadn’t been singled out for an important task by the CEO. The organisation has since increased its communications to staff about phishing emails and common scams.
*Name has been changed.
Fake IT support
Criminals will try to scam businesses by calling or texting random staff members, pretending to be the organisation’s IT contractor and claiming that the staff member’s computer has a virus or that they need to upgrade software. They tell the employee to download software that will help, or ask for login details to fix the issue. But there’s no virus or service. The software hacks your computer, or the hacker uses the login details to log in to your systems and steal information.
Fake surveys
Scammers will sometimes use fake surveys to gain access to information they can use later to defraud the organisation. Another way they do this is to pretend that they are updating an industry database and need the email addresses and other information of senior personnel. It may seem harmless, but they can use these details to appear legitimate in future interactions with your business.
How to avoid scams in your workplace
We will provide more information on what to do if you have fallen victim to a scam in an upcoming blog, but your first step is to call your bank immediately. They can guide you through the next steps, including whether involving the police is necessary.