“Criminals target companies as often as private customers. Criminals understand that corporate accounts offer bigger prey, so they are more aggressive in this area and use a wide arsenal of different tools and fraud techniques. Fraudsters constantly attack organizations in a variety of ways to extort sensitive data or simply steal money outright.
Artificial intelligence is becoming a dangerous tool in the hands of fraudsters, so companies should strengthen their resilience by investing in information security systems and constantly educating their employees. Practice shows that the human factor is usually the weakest link in the system. Most fraud attempts are directed at employees”, says Daiva Uosytė, director of the Prevention Department of SEB banka.
D. Uosytė points out that when luring private individuals into traps, fraudsters almost always consider the possibility of reaching companies where potential victims work. There are cases where individuals give fraudsters access to both their personal accounts and companies where they are responsible for payments.
According to SEB Bank in Lithuania, in less than eight months of this year, fraudsters have embezzled almost 978 thousand from companies. EUR – more than a tenth (about 12%) more than the amount that the bank’s business customers lost due to fraud in the whole year 2023.
Scammers exploit both technology and emotion
Criminals are able to use fake video and audio recordings to influence the people who are responsible for payments in the company. Fraudsters also try to induce emotions so that victims make spontaneous, rash decisions and give access to the payment details and accounts they are trying to steal.
“That’s why sometimes the best fuse is the time to calm down emotions and check whether the situation depicted by fraudsters corresponds to reality,” observes D. Uosytė. Fraud prevention mechanisms used by SEB bank and other financial institutions in Lithuania help to save time and check the situation more carefully. The purpose of these mechanisms is to protect the funds of business and private clients. As a result, some payment transactions may even be suspended if there are indications that money may go to fraudsters’ accounts.
However, according to the expert, fraud prevention mechanisms may not work if the company’s employee blindly follows the fraudsters’ instructions.
Publicly available information helps build a compelling narrative
Colleagues can help you pause, look at the situation from the outside and avoid falling into traps. A direct call to the company manager or a specialist who is responsible for data and cyber security in the company helps to reveal the fraud.
It turns out that efforts to pretend to be the head of the company (eng. CEO fraud) or sending fake invoices (eng. Fake invoice fraud) is one of the most commonly used cheats at the moment. Fraudsters try to take advantage of the fact that some actions (for example, paying invoices) are used automatically by company employees.
Law enforcement points out that when preparing a crime, criminals are able to collect a lot of information about the company and its employees, primarily publicly available on social networks. They carefully analyze employee relationships, duties, functions and responsibilities. Inserting colleagues’ names, positions, and even project titles into the false narrative helps create the impression that the impostor really belongs to the organization.
Criminals seek to obtain confidential information, access to e-mail. e-mail or internet bank passwords or to persuade to transfer money according to submitted requests or invoices.
Safety is enhanced by good habits
A constant companion in the efforts of fraudsters is haste. You need to transfer money or get access now. Urgency and exhortations aim to evoke emotions. An employee caught off guard by a scammer may miss important details: grammatical and spelling mistakes that are not typical for management letters, other e-mails. postal address, other than usual bank account data.
Thus, according to D. Uosytė, the developed collective habit of checking the addresses of the sender of incoming letters, not opening letters from unknown senders, not clicking on the links in the letters, helps the organization lay the foundations of a kind of security wall. The wall rises and strengthens when information security systems are installed, used and periodically updated in the organization, which warn employees about incoming mail from the outside and from addressees from whom mail was not received before, as well as when connecting to the company e-mail. mail or systems workers use multi-factor authentication.
D. Uosytė, director of the Prevention Department of SEB bank, additionally recommends:
- regularly review the list of employees who have access to the company’s Internet bank, make sure that only those company employees who need it based on their positions and functions have access rights,
- to consider the appointment of two Internet bank administrators and to provide for the application of the “4 eyes” principle for the approval of payments and the rights and limits of Internet users, that is, to ensure that one Internet bank administrator cannot change the rights without the approval of another administrator,
- determine the company’s maximum daily limit, the amount of which corresponds to the daily business needs,
- check whether the account of the recipient of the funds of the payment being made matches the data of previous payments,
- urgent or unexpected requests by e-mail to check the mail in other ways (for example, simply calling the recipient’s phone number, writing a message through social networks or a commonly used e-mail address).
“Fraud protection works best when all employees understand that anyone can become a target of fraud and experience various types of fraud. Therefore, it is very important to be able to recognize signs of fraud, to constantly update knowledge and security tools”, concludes D. Uosytė.
#Calculated #euros #defrauded #companies #year #Business
2024-10-03 05:17:13
