The Covid-19 pandemic has already provided rich pickings for fraudsters and cybercriminals who are becoming increasingly active and unscrupulous. The company is the first line of defence against fraud and it is vital to educate employees about what to look out for and how to avoid being duped – something that is all too easy as many are working from home and under new levels of pressure. The treasury team is thus left understaffed and working harder, as a result vigilance can too easily be relaxed, providing a favourable opportunity for both fraud and cyber risk. None of the vast range of scams and frauds is new, but the advent of coronavirus has led to new ‘fashions’ in the way they are being employed and who are favourite targets.
Sending fake invitations to virtual meetings on platforms such as Zoom is one method of illegally gaining sensitive information. Cyber fraudsters are also making increased use of malware sent via email attachments. Impersonation fraud is rife: someone pretending to be a technician from your bank might offer to solve a problem you are having, for example with a payment, if you provide your bank identity code – but no genuine bank would ever ask for this over the phone.
Vendor scams, especially those centred on virus-related products, are also increasing. A request might appear to come from a known supplier, perhaps offering face masks or sanitising gel, or from a business unit asking for an urgent transfer of funds. Employees should be trained to double-check every such request and be assured by management that they will never be reprimanded for holding up a payment while such checks are carried out. A payment should never be made if there is any doubt whatsoever about it.
If one of your regular suppliers asks to be paid in advance or solicits payment for a charity, for example, make absolutely sure that you are, in fact, dealing with them and not someone impersonating them. You can do this by calling back – on the number you usually use to contact them – to check that the money is going to the right place, not a fraudulent account.