Advisory: Scamproofing Your Business

September 6, 2022


BRITISH COLUMBIA – Cybercrime is a serious threat to small business­es. In 2021 alone, the Canadian Anti-Fraud Cen­tre showed $207 million lost to fraud. Proactively protect your busi­ness by keeping a sharp eye out for a common scam: email spoofing.

Email spoofing is a form of cyber-attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source. The goal is to trick recipients into opening or responding to the message, allowing the fraudster to do things like take over online accounts, install malware or steal funds.

Make sure you train your staff to spot the telltale signs of this kind of fraud. An email spoof may:

  • appear to be coming from a co-worker or a trusted vendor
  • utilize an email address that looks like an ac­tual email address (e.g., changing one letter in the address)
  • request to issue a wire transfer or change payment details currently on file
  • include a link for a webpage with request to enter login information (e.g., Office 365)

It’s good practice to always confirm trans­action requests or payment arrangement chan­ges via an alternate channel like the telephone, particularly if the transaction is unusual or unexpected. Don’t attempt to verify using the same email the request came from.

You can also:

  • watch for emails that are marked in Out­look as [External], but appear to come from a co-worker
  • watch for requests that appear to come from co-workers, requesting you to purchase gift cards for them and send them the gift card codes
  • watch for unsolicited emails – particularly if you are asked to provide information or initiate a transaction
  • be wary of any communications which involve free merchandise
  • be wary of any communications which involve threats of service disruption/funds loss if actions are not taken
  • avoid clicking on unexpected/unsolicited links or opening attachments

If you suspect you’ve been caught by a scam, it would be prudent to run virus scans on all your devices/computers, change passwords to your email using a clean device/computer, and con­tact your financial institution to let them know.

The bottom line is that if something seems out of the ordinary, verify it. It may take an addi­tional few minutes, but it could save you a large loss to your business.

Mary Widsten is Assistant Manager, Central Operations at Coastal Community Credit Union.

Share This