While computers have improved the speed and efficiency of how we work, they have also allowed thieves and con artists an easier way to steal from people and businesses.
One way cyber criminals use computers to steal is through online fraud, one of the fastest-growing crimes today.
Common Types of Online Fraud
Your company’s intangible assets could be at risk if you or your employees are not mindful of online fraud attempts. Understanding and identifying different types of online fraud could save your company thousands, or even millions, of dollars in lost sales, damaged reputation, legal costs, etc.
- Social engineering
- Pagejacking and pharming
Social engineering is the act of taking advantage of human behaviour to commit a crime. Social engineers can gain access to buildings, computer systems and data simply by exploiting the weakest link in a security system—humans.
For example, social engineers could steal sensitive documents or place key loggers on employees’ computers at a bank—all while posing as an IT consultant from a well-known company. Social engineers can be tough to spot because they are masters at blending in.
Phishing is attempting to acquire information such as usernames, passwords, credit card numbers and other sensitive information by pretending to be a trusted entity in an electronic communication, such as email.
One of the more common phishing scams is receiving an email that asks the user to verify his or her account information. A quick check of your email’s spam folder would likely result in a few examples of phishing.
Pagejacking and pharming
Pagejacking and pharming occur when a computer user clicks on a link that brings him or her to an unexpected website.
This can happen when a hacker steals part of a real website and uses it in the fake site, causing it to appear on search engines. As a result, users could unknowingly enter personal information or credit card numbers into the fake site, making it easy for a hacker to commit online fraud.
Pharming is the name for a hacker’s attack intended to redirect a website’s traffic to a fake site.
Vishing is similar to phishing and pharming, except victims of vishing attacks are solicited via telephone or another form of telecommunications. The hacker can easily pose as a representative of a bank or other institution and collect personal information that way.
Corporate Identity Theft
It doesn’t matter if you're a Fortune 500 company or a small “mom and pop” shop, cyber thieves are always looking for their next score.
It's often assumed that smaller businesses are too small to attract the attention of cyber crooks, but according to the Symantec SMB Threat Awareness Poll, 40 per cent of data breaches in 2011 occurred at small to mid-sized businesses. No company of any size is completely safe from cyber thieves.
There are many ways a cyber thief can steal a company’s identity in addition to the various types of online fraud listed above:
- Stealing credit history – A cyber thief could steal and use a company’s credit history for his or her own financial gain, and then use it to set up a dummy corporation, racking up huge debt for the real company.
- Dumpster diving – All too often, papers with sensitive information are recklessly tossed in the garbage instead of being properly shredded and discarded.
- Hacking – Having proper security measures in place for your computer system is essential to keep intangible assets safe. Make sure you are using firewalls, routers and other security devices to protect your assets.
How to Prevent Online Fraud
Understanding and being able to identify potential online fraud techniques is the key to keeping your company safe. Use the following tips to protect your intangible assets and ensure protection against a data breach:
- Never give sensitive information like social insurance numbers or credit card numbers out over the phone unless you know the person on the other line.
- Shred all credit reports and other sensitive data before disposal.
- Educate employees about phishing and pharming scams. Remind them to not click on anything that looks suspicious or seems too good to be true.
- If your company doesn’t have an IT department, hire an outside company to set up the proper security measures for your computer network.
- Always monitor credit reports and other financial data for the company. If you see things that don’t belong, investigate.
- Do not allow employees to write down passwords in the office.
- Always encrypt sensitive data.
What To Do If You're A Victim of Online Fraud
It's common to have an “it will never happen to us” philosophy when it comes to online fraud. Unfortunately, that thinking can lead to lax security measures and carelessness when it comes to protecting intangible assets.
If you become a victim of online fraud:
- Act quickly. Report the fraud immediately to local law enforcement. In some provinces, the privacy minister must also be alerted, check your local policies. Additionally, notify important suppliers, vendors and partners.
- Alert your customers. If there is a data breach involving customers’ personal information, activate your plan to alert them. This information could be incredibly harmful to your customers, so alert them as soon as possible.
- Investigate. If you do not have the resources to do an internal investigation, consult a third party. The more quickly the breach can be dealt with, the fewer negative effects your company will endure.
- Take measures to lessen the chance of a future breach. Fortunately, cases of online fraud can be good learning tools for your company. Analyze why the breach happened and take steps to make sure it doesn’t happen again.
Count on Scrivens Online Fraud Risk Expertise
A data breach as the result of online fraud could cripple your company, costing you thousands or millions of dollars in lost sales and/or damages.
Contact Scrivens today to learn more about our resources and ensure you have the proper cyber insurance in Ontario to protect against losses from fraud.