As part of Cybersecurity Awareness Month, the Canadian Anti-Fraud Centre and the Ontario Provincial Police are looking to raise awareness among North Simcoe residents of various scams.
The scams are happening both by phone and online.
Among the scams are social media business account spoofs, in which accounts are cloned or imposter accounts are created, and existing contacts, clients or employees are targeted with fraudulent messages and offers.
Ways to protect your business include:
- secure your social media accounts. Understand the terms of service for the social media platforms being used
- get “verified” on social media. “Verified” accounts provide a level of authenticity and credibility
- routinely monitor your social media accounts for unusual posts and messages
- think about the information you share. Can it be used to create imposter accounts or solicit your clients and employees with fraudulent requests or offers?
- routinely search social media platforms for imposter accounts
- provide clear instructions or details on any promotions, contests or giveaways
- provide fraud awareness messaging to clients and employees
- post warnings if, and when, spoof accounts are identified and report them to the platform
Other potential scams include phishing and payment redirection, which sees the perpetrators collect information on potential targets to send convincing emails.
Fraudsters will infiltrate or spoof a business or individual’s email account and create a rule to send copies of incoming emails to one of their own accounts. They will comb through the emails to study the sender’s use of language and to look for patterns linked to important contacts, payments and dates.
The fraudsters then attack when the email account owner can't easily be reached by email or phone. It may look like an executive sending an email to the accounts payable department requesting an urgent payment to close a private deal, or it may look like an email from an existing contractor providing new payment directions and requesting payment of an invoice.
Ways to avoid potential phishing scams include:
- remain current on frauds targeting businesses and educate all employees
- include fraud training as part of new employee onboarding
- put in place detailed payment procedures including verbal authentication for any urgent requests or changes in payment details
- encourage a verification step for unusual requests
- establish procedures for identifying, managing and reporting fraud
- avoid opening unsolicited emails or clicking on suspicious links or attachments
- take a few seconds to hover over an email address or link and confirm that it is correct
- restrict the amount of information shared publicly
- upgrade and update technical security software
Ransomware also continues to be an issue, and attacks tend to start with a phishing incident.
The email contains an attachment or a link and, once opened, infects the user's system.
Other ways networks and devices can be affected include visiting unsafe websites, inserting an infected external device, or exposing systems to the internet unnecessarily or without robust security and maintenance measures.
Other tips to protect against ransomware include:
- be cautious of any unsolicited email
- do not respond to suspicious emails and do not click on any links in them
- ensure a backup plan for your data that is consistent and frequent
- use multi-factor authentication and anti-malware software
- ensure regular software and system updates/patches as well as frequent system-wide password changes
- publish and enforce an employee security policy
- work with law enforcement when developing and testing an incident response plan