With the digital age taking precedence over traditional media, cyber scams have become more prevalent for many individuals in recent years. Despite numerous cybercrime warnings in the business world, many are still falling victim to these scams. According to the Attorneys’ Insurance Indemnity Fund (AIIF), cybercrime is defined as “Any criminal or other offense that is facilitated by or involves the use of electronic communications or information systems, including any device or the internet.”
What makes detecting cyber criminals a challenge is that they leave no physical evidence. A further concern is that enforcement officials are not yet adequately equipped to handle such criminal activity.
What to look out for
Impersonation Fraud or Identity Theft. Using intrusion techniques to send fraudulent emails from a victim’s account without them knowing.
Phishing. Phishing is a broad term used to describe any attempt to trick victims into sharing confidential information such as usernames, passwords, and financial details for malicious purposes.
Spear Phishing. This is characterized by an email attack that targets a specific company or individual with the intention of gaining personal information, financial details or trade secrets.
Whaling or CEO Fraud. A method in which cyber criminals pretend to be a senior member of an organization. They will target an employee by email, text message or online chat and ask for sensitive information or some sort of urgent payment/transfer.
Credit Card Fraud. Online users are tricked into entering their credit card information on deceitful websites, allowing criminals to make purchases using the compromised account details.
Investment Fraud. Online scammers claim to have connections and knowledge in finance and persuade people to invest in a company, bank or venture.
Auction Fraud. Online shopping scams include buyers not getting what they paid for or receiving an item that’s different from the one advertised.
How can scams be avoided?
1. Thomas Harban, General Manager of the AIIF, recommends that firms take the following precautions (for clients and any other recipient of funds):
- Phone the client to verify the email and the instruction.
- Verify the authenticity of the bank account and the identity of the account holder before making payments.
- Conduct proper FICA verifications of all clients.
- Place a prominent note on all communication that no email instructions to change banking details will be entertained.
2. Robyn Kitto, Managing Director at Rodel Risk Solutions advises: “If you need to change your banking details at any stage, rather do so by visiting the firm. Not only is nothing safe via email, but banks or other companies will never ask for personal credentials via email.”
3. Make sure you check the email address really carefully. You may think it looks legit, but on closer inspection, there could be one or two characters that don’t match the person or company you think it came from.
4. Look out for urgent or threatening language in the subject line. Phrases such as “account has been suspended” or “your account had an unauthorized login attempt” are a common phishing tactic used to induce fear.
5. Don’t believe everything you see. An email may contain genuine-looking brand logos, well-written language, and a seemingly valid email address, but that does not mean that it’s legitimate. Adopt a skeptical attitude when reading your emails.
6. Don’t trust the display name or header. Check the email address in the header – if it looks suspicious, don’t open the email.
7. Be mindful of what you post on social media platforms. Cybercriminals who “attack” rely on these platforms to find out their victims’ personal information.
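The checks in items 3 and 6 can be partly automated. The following Python is an added example, not part of the original article: it compares a From header against a contact list and reports why a message should be verified by phone. The contact names, addresses and the two-character threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed contact list (assumption): names and addresses the firm captured
# in person or by phone at the start of the transaction.
KNOWN_CONTACTS = {
    "jane seller": "jane@harbour-estates.example",
    "sam agent": "sam@coastal-realty.example",
}
KNOWN_DOMAINS = {a.split("@")[1] for a in KNOWN_CONTACTS.values()}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return the reasons a From header calls for verification by phone."""
    display, address = parseaddr(from_header)
    address = address.lower()
    domain = address.partition("@")[2]
    if not domain:
        return ["no parsable sender address"]
    reasons = []
    # Item 6: the display name claims a known contact but the address differs.
    expected = KNOWN_CONTACTS.get(display.strip().lower())
    if expected and expected != address:
        reasons.append("display name matches a known contact, address does not")
    # Item 3: the domain is one or two characters away from a known one.
    if domain not in KNOWN_DOMAINS:
        near = sorted(k for k in KNOWN_DOMAINS if edit_distance(domain, k) <= 2)
        if near:
            reasons.append(f"domain resembles {near[0]}")
        else:
            reasons.append("domain is not a known correspondent")
    return reasons


# Constructed sample headers, not taken from the case study.
SAMPLES = ["Jane Seller <jane@harbour-estates.example>",
           "Jane Seller <jane@harbour-estales.example>",
           "Sam Agent <sam.agent@freemail.example>"]
for header in SAMPLES:
    print(header, "->", check_sender(header) or "matches records")
```

A message sent from a genuinely compromised mailbox passes both checks, which is why the phone verification in item 1 still applies.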
A real life case study
A property-related scam, originally detected in 2011 by the AIIF, involved a conveyancing firm that attended to the transfer of ownership of a property from the seller to the purchaser. An email sent to the firm soon after registration, purporting to be from the seller, requested that the funds due be paid into a different bank account from the one provided earlier in the transaction. The firm received a similar email purporting to be from the estate agent involved in the transaction. As ‘proof’ of the new bank account details, what appeared to be bank statements were attached to the emails.
The firm paid the respective amounts due to the seller and the estate agent into the ‘new’ bank accounts. A few weeks later, the seller contacted the firm inquiring about the payment of the funds due, and a staff member in the firm looked into the matter. The seller was then sent a copy of the email received as well as proof that the funds had been paid into the ‘new’ bank account. When the estate agent inquired about the payment of the commission, the same occurred.
The instructions to change the banking details of the seller and the estate agent originated from email addresses which, at face value, looked like the genuine email addresses of the respective parties. On closer inspection, it turned out that the two emails received were sent by imposters who had misled the firm into making payments into fraudulent bank accounts. When the firm contacted the relevant banks, they were informed that all the funds had been withdrawn.
So what do we know for sure about cyber scams? All businesses and individuals are at risk. However, with the right precautions, the risk can be avoided completely. Firms need to implement security plans and educate staff regularly. Regular checks and revisions are mandatory as no one is immune to cyber fraud.