
  • December 4, 2023

Mastering Fraud Prevention: Understanding Modern Business Frauds and Their Controls


BUSINESS FRAUD IN THE DIGITAL AGE: PART 2

Your company’s intangible assets could be at risk if you or your employees are unaware of fraud attempts. Understanding the types of online fraud could save your company thousands, or even millions, of dollars in lost money, sales, reputation, and legal costs.

Here are descriptions of some current types of fraud:

Forgery – Old school is back. Stolen checks are rampant, and there are countless examples of banks not following banking regulations to hold checks before clearing, as well as examples of banks recklessly cashing checks and not standing behind their errors. Electronic payments with impeccable hygiene are critical to avoid this exposure.

Computer Fraud – Like all fraud, computer fraud involves deception with the intent to illegally or unethically gain something of value at the expense of another. It is a broad category of computer crime and can include hacks, data breaches, phishing, spear phishing, email compromise, etc.

In contrast to other categories of computer crimes, such as vandalism and ransomware hacks where the cybercriminal makes their presence known, computer fraudsters do not announce themselves. This can mean a hack goes unnoticed for longer, potentially doing more damage and costing more for a business to remedy.

Funds Transfer Fraud – Funds transfer fraud involves the fraudulent transfer of monies from one financial institution to another by means of electronic banking websites, email communications and/or phone calls. It is a more narrowly defined form of computer crime that can include fraudulent wire transfers, fraudulent transfer change requests, and unauthorized fund disbursements.

Funds transfer fraud usually occurs in combination with a related computer fraud event, such as a hack, phishing attack, or business email compromise scam. That is because cyber thieves often need to use social engineering tricks to gain access to systems and people that can facilitate the theft of the funds. If you are ever a victim of funds transfer fraud, you are likely to communicate directly with the thief, either through email or phone calls.

Social engineering is the act of taking advantage of human behavior to commit a crime. Social engineers can gain access to buildings, computer systems and data simply by exploiting the weakest link in a security system—humans. For example, social engineers could steal sensitive documents or place key loggers on employees’ computers at a bank—all while posing as an IT consultant from a well-known company. Social engineers can be tough to spot because they are experts at blending in.

Phishing is an attempt to acquire usernames, passwords, credit card numbers and other sensitive information by pretending to be a trusted entity in an electronic communication, such as email. One of the more common phishing frauds is an email that asks the user to verify his or her account information. A quick check of your email’s Spam folder would likely turn up a few examples of phishing.

Pagejacking and pharming occur when a computer user clicks on a link that brings them to an unexpected website. This can happen when a hacker steals part of a real website and uses it in the fake site, causing it to appear on search engines. As a result, users could unknowingly enter personal information or credit card numbers into the fake site, making it easy for a hacker to commit online fraud. Pharming is the name for a hacker’s attack intended to redirect a website’s traffic to a fake site.

Real-time Payment, Real-time Fraud – The push for real-time payment systems to enhance customer experience also presents new challenges. Real-time payments mean fewer opportunities to identify and stop fraudulent transactions before they are finalized. Financial institutions will need to develop real-time fraud detection mechanisms to keep up.

Vishing is similar to phishing and pharming, except victims of vishing attacks are solicited via telephone or another form of telecommunications. The hacker can easily pose as a representative of a bank or other institution and collect personal information that way.



ABOUT THIS SERIES

This article is part of a six-part series on business fraud in the digital age. If you need more information about any of the topics in this series, please contact us.