Navigating the minefield of fraud, scams and cybercrime.
If you own a small business in Canada, safeguarding against fraud should be among your highest priorities. As con artists continue improving their game, more businesses than ever are being duped by a variety of clever schemes. According to the Canadian Anti-Fraud Centre (CAFC), fraud against small business is rising, with just over $27 million in losses in 2020 compared to $17.5 million in 2018.
The CAFC says extortion scams rank high on the list of attacks targeting Canadian businesses. These can include threats and intimidation to obtain goods and services. To protect against such efforts, employers and staff must maintain a high level of vigilance.
Consider a recent example involving Canada’s Nuclear Waste Management Organization, which was defrauded of nearly $300,000 intended for a First Nation community in Northern Ontario. Court documents indicate the scam involved a series of emails from a fraudster who impersonated the chief of the First Nation involved. Fortunately, most of the funds were recovered.
In another case, an Ottawa-area janitorial supply company was cheated out of $70,000 worth of personal protective equipment that seemed to have been ordered by a local hospital. The order was picked up and paid for with what appeared to be a certified cheque. The fraud was discovered only when the business owner tried to deposit the cheque.
Common business scams
Spear phishing: This is an email scam that usually involves what appears to be a trusted source but is actually a fraudster attempting to convince businesses or individuals to send them money. These scams exploit existing relationships between the person receiving the email and the person allegedly sending it. Variations target business executives, financial institutions, payroll or head offices and suppliers or contractors.
False billing: This type of scam involves a fake invoice for services or supplies that the company has not in fact ordered. Typically, the perpetrator uses pressure tactics in a follow-up phone call demanding immediate payment or threatening legal action. This scam relies on administrative staff who are unfamiliar with the company’s orders and may willingly process payment for an invoice.
Protecting your business from potential fraud should involve educating staff, developing strong relationships with your suppliers and trusting your gut instincts. If something doesn’t seem quite right, then act on that concern and do a bit of investigating.
A few pointers to keep in mind:
Know who you’re dealing with: An up-to-date list of your suppliers will help your employees recognize which contacts are real and which aren’t.
Spot the fake: Ensure that all invoices are thoroughly inspected before making a payment. Scammers will use business directories to create highly sophisticated bogus invoices.
Limit access: Allow only a few trained staff members to approve purchases and pay bills.
Use caution with calls: Employees at every level should be educated about giving out information over the phone to unsolicited callers. Freely offering information, such as the business address and phone number, account numbers or what type of equipment you use can put your company at risk. Establish a firm procedure with your staff on how to handle requests for information – take a pause to consider the legitimacy of such a request and do some research, if necessary.
Watch for irregularities: Warning signs can include larger-than-usual orders, orders for high-priced items or multiple orders of the same product. Again, if something feels off, call the person placing the order to discuss and verify the details. If it’s a new contact, you may want to discuss the terms of purchase, which could include up-front payments.
As more businesses turn to online sales, the rates of cybercrime are also increasing. According to the Canadian Federation of Independent Business (CFIB), 61,000 small and mid-size businesses fell victim to cyber fraud in 2020. More than 80 per cent of businesses that experienced a cyberattack said it came through email scams and phishing attempts. Half encountered malicious software or malware.
Consider these best practices:
- Build cybersecurity prevention methods into your budget, including the purchase of appropriate equipment and the services of a cybersecurity expert. Partner with a trusted IT vendor to ensure proper installation and maintenance of your security solutions.
- Have regular cybersecurity meetings with staff to discuss the latest internet scams, the importance of password protection, and ongoing vigilance against suspicious emails, as well as unusual activities and requests. Have everyone take an online cybersecurity course – many are inexpensive or free – and have a follow-up meeting to discuss it. Making security education part of your culture will keep the subject a priority, making your staff less likely to drop their guard.
- Develop a cyber policy clearly outlining the rules around social media use at the office, restricted websites, downloading software and requirements for strong passwords.
You’ve been scammed – now what?
Despite your best efforts, maybe the worst has happened, and you suspect your business has been scammed. Here are a few things you can do:
- Call your local law enforcement and report it
- Report it to the CAFC
- Contact your insurance company to review your policy coverage for business fraud or theft
Scams, fraud and cybercrime can happen to anyone, but knowing what to be aware of can help to keep your business safe. And don’t forget to include your advisor when thinking about fraud protection – they are a trusted source who can help you identify any gaps that might be leaving your business at risk.