Be wary of fake email from boss
FRAUD PREVENTION MONTH: Scams involving money transfers have become very popular
As the 11th annual Fraud Prevention Month wraps up Tuesday, The Province, the accounting firm MNP and the market research firm Mustel Group polled B.C. businesses about the prevalence and risk of cyber fraud.
Among other things, three-quarters of respondents feel the risk of financial loss due to computer crime is low, barely half of victims reported the crime when they were victimized and only a third of victims recovered all their lost funds.
The telephone survey of 200 businesses, undertaken between Feb. 24 and March 9, has a margin of error of plus/minus eight per cent at a 95-percent level of confidence. Those polled were general managers or owners of the businesses contacted.
Before you send that six-figure money transfer to the new account your boss told you to, you might want to pick up the phone and hear her say it herself.
That may be the case because one of the most popular frauds that target businesses is the fake email from the boss, CEO, CFO or treasurer.
Luckily for B.C. businesses, most don’t fall for it, according to a recent poll on cyber fraud by The Province, the accounting firm MNP and the market research firm Mustel Group.
In one example, an employee, who was just about to send $100,000 overseas after supposedly receiving an email request from the CFO, went to grab a coffee first and as he ran by the CFO’s office mentioned the transfer.
“The response of the CFO was, ‘Ooh, what transfer?’ ” said Jacklyn Davies, who leads MNP’s investigative and forensic services group.
When the fraud is successful, it usually works a couple of times before the employee wises up, said Sgt. Tony Cavezza of the Vancouver Police Department’s financial crime unit.
“They (cyber thieves) get into the system of a corporation and monitor electronic traffic that goes on so they know who major executives are, know who controls the purse strings, know who makes decisions.
“They take over the persona of those people and instruct employees to wire money to another account, usually offshore, and it happens at the drop of a hat.”
The amounts are usually between $100,000 and $500,000, he said.
“That will happen two or three times before the employee realizes, oops, that isn’t the CEO or treasurer, this is out of the ordinary.”
According to the MNP/Mustel Group poll, only six per cent of B.C. businesses have been victims of cyber fraud.
Seventy-two per cent, meanwhile, consider the risk of financial loss due to computer crime as low, said pollster Evi Mustel.
Of the six per cent of businesses that were defrauded, 46 per cent were victims of altered data before entry or having false data entered, while email scams accounted for 36 per cent, Mustel said.
Only 36 per cent of defrauded businesses recovered all lost funds and 54 per cent did not recover any lost funds.
When it came to security, practically all businesses (98 per cent) use passwords, but 26 per cent do not delete corporate information when changing hardware; 34 per cent don’t buy additional programs or apps to increase security, relying on programs already loaded on the devices when purchased; and 30 per cent load free protection software.
On top of that, one-third of companies allow their employees to connect personal devices at work and only 45 per cent of companies provide education to their employees about the threat of fraud via email or computer hacking.
“Maybe they think their employees are a sophisticated group or maybe they just don’t think of it,” MNP’s Davies said.
Looking at the data from the poll, Davies said as a company grows, so to does its risk of being defrauded.
“I’ve noticed as a company moves from startup, or small, to medium, the opportunity for fraud increases,” she said.
“I wonder if, as the number of employees increases, the company has its controls grow appropriately.
“This is where a company runs into problems, where the company outgrows the controls and outgrows the ability to understand who does what within the business.”
That, she said, might explain why 72 per cent of B.C. businesses feel the risk of cyber fraud is low.
Other security risks include leaving flash drives and other storage media laying around and returning automobiles, photocopiers and various other electronic devices which store data, to the companies that leased them out without removing the stored data.
Meanwhile, back to that money you were asked to send overseas.
“You need to follow corporation protocol, even if it looks like your CEO is asking you to do something,” Davies said. “If you don’t have the proper signature, then it’s not appropriate.”