What are the major financial scams companies should be aware of in 2020?
David Fleming exposes 2020’s major financial scams – and how businesses and employees should respond.
The UK saw a sharp surge in financial scams during the pandemic, with criminals using the outbreak as a new opportunity to try to steal money.
Lockdown saw a dramatic shift to remote working, and an increase in the use of technology and time spent online. This caused a spike in firms and individuals falling victim to cyber attacks, impersonation scams, investment scams and much more. There has been a reported 66 per cent increase in scams for the first six months of 2020, and unfortunately these volumes only look to be getting worse as cybercriminals’ techniques adapt.
This article formed part of The Scotsman’s Talking Money magazine.
Impersonation scams occur when a victim is convinced to make a payment to a criminal claiming to be from a trusted organisation.
Typical scams of 2020 include a fraudster pretending to be from HMRC, or NHS Test and Trace, and demanding payment of a fine, or asking questions to gain personal data or financial information.
Fraudsters are constantly looking for opportunities to persuade people to “invest” their money on the basis of a promise of high returns with little or no risk to their capital. Scammers may impersonate real investment advisers in order to convince you that you are dealing with a genuine business.
The “investment” assets could include property, gold, shares and cryptocurrencies – none of which actually exist. Once you have handed over the money, that is the last you will see of it.
It is vital that businesses carry out frequent, updated training for their remote workers, and that they are constantly vigilant.
Staff behave differently in a home-based environment, and cyber criminals are actively creating new attacks to exploit the change in business arrangements. It’s therefore vital to increase cyber vigilance over the following:
- Acceptable use of a company laptop – business and personal life should not be blended. The starting position should be work use only.
- Unattended machines – be conscious of who can see your work, and lock your machine when unattended. Set auto lock to a maximum of five minutes.
- Phishing attacks – increased vigilance is vital, especially as fraudulent emails and infected videos related to coronavirus are already proliferating.
Staff should update their cyber training when they start remote working. A simulated attack test may be appropriate ahead of a prolonged period of home working.
All the businesses I speak to know that their cyber security needs to improve, and many know they have existing deficiencies. Assuming their IT support team is worrying about it, or assuming that they are not targets, are the most common reasons not to start. If you do nothing else, put some time aside to make a start.
Risk assessment is vital. Think about where your valuable assets are kept: confidential information, personal data, banking details and credit card details, as examples to start with. Then consider which business processes are most at risk, including transfer of data, remote access and cloud logins, for example. Then, get the right help. This is a big risk to every business. So, put it appropriately high up in your priorities and then get the expertise to suit.
You will always benefit from stronger authentication. I think it is wise to assume that your username and password are no longer sufficient ways to defend systems and data. Once you absorb that thought, then research your options for stronger authentication.
The laptop set-up needs to be reviewed. Computers that are working remotely need to be set up to assume that they will be physically lost, under attack from viruses on the home network, or scanned by fraudsters looking for vulnerabilities on internet-connected devices.
Re-configure your antivirus software urgently. We are finding software becoming dangerously out of date, with key defences switched off as the need for speed to keep working at the start of lockdown outweighed the thought for security.
Use zero trust as default. The human brain needs only a few seconds to realise something is not right with an email, text or phone call, but we rarely give it the chance to engage. More than half of the incidents we see would have been mitigated if employees had stopped and asked questions first.
Operating system updates and antivirus alerts are often ignored, but are important. Software suppliers spend a fortune updating against new threats that are constantly evolving, which drives many of the alerts on your computer. The culture needs to change to read alert notices and take the appropriate action.
Imagine the videos and sites that end up being looked at on the average mobile phone. This is a huge opportunity for criminals. Individuals should think carefully about mixing work with private life on mobile phones. Businesses need to understand the risk, write an appropriate policy and then look to ways to assure it is followed.
David Fleming is chief technology officer at online security firm Mitigo.
This article is taken from the November 2020 special report Talking Money which first appeared in The Scotsman newspaper.