|We came across this advice for small businesses re: scams and frauds, and wanted to pass it on. |
Many businesses have had to adapt to new working practices because of the coronavirus (COVID-19) situation. This has often meant an increase in emails and more frequent calls with suppliers, customers, banks and other organisations. Scammers have been taking advantage of this.
In some cases fraudsters are calling businesses pretending to be from their phone or internet provider, their bank or even a retailer. They’ll ask for payments, or for staff to download software that then gives them control of that staff member’s device. Some have even taken control of genuine email addresses and used them to request payments, making it more difficult to spot the signs of a scam.
With this in mind, it’s now even more important to have strong, clear processes in place for making payments and keeping data safe.
Can you spot a scam? Even if you know all the hallmarks and what to look out for, with ever-more sophisticated ways to access your data, scams are getting harder to spot. If a fraudster called or emailed you or a member of staff pretending to be a known supplier, would you know it was a scam? They might even contact a staff member pretending to be you.
Put checks and processes in place To help you and your staff spot fraudulent attempts, here are some tips on the checks and processes you should have in place. Remember – it’s good to have a healthy level of suspicion.
1. If you get an email out of the blue that asks you to click on a link or attachment, don’t do it – even if the sender seems familiar – and even if it appears to be coming from a known email address. Instead, contact the apparent sender using different details that you already know and trust to verify the request.
2. When someone calls unexpectedly, don’t give them any information like personal details, bank details or PINSentry codes. Never download any software onto your device if you’re asked to – fraudsters can use this to access your bank account. Instead, call them back on a known number to check they’re genuine. You can also search for ‘Barclays phone checker’ to see if a Barclays number you’ve been asked to call is genuine.
3. Have a payment-checking process in place. For example, if you receive a request to update the bank details you have on file or get new bank details for a payment, confirm this by calling that person or organisation using details you already have, and not those provided in the request. You should also do this with requests from anyone within your own organisation.
4. Have security policies in place, such as having strong passwords, using a VPN (virtual private network) when working from home, and using an extra layer of authentication for email and payment processes (such as a unique code texted to your mobile) – and test these processes often.
5. Make sure you and all your staff, regardless of their role, are made aware of the checks and processes regularly.