Fraud Tips for
Businesses

Identifying Fraud

Some activities to keep an eye out for:

• Activity linked to previously reported fraudulent transactions 
• Activity outside of expected patterns based on your normal business experience 
• Multiple purchases within a concentrated time period, often for larger than typical amounts 
• Multiple shipments to the same location or region that seem unusual 
• Multiple purchases using the same computer and IP address (or IP range) with different customer credentials 
• Requests to ship goods to P.O. Box addresses (you may wish to restrict shipments to street level as opposed to P.O. Box addresses)

How you can help keep your e-Commerce secure

Everyone plays a part in fraud prevention. You should consider:

• Having a risk management framework in place to promote awareness of the risks associated with online fraud 
• If you’re suspicious of a transaction, holding the delivery of the goods or services until you’re satisfied the purchase isn’t fraudulent

What to do if you encounter fraud

If you do encounter a suspected fraudulent debit or Interac e-Transfer® transaction, forward the details to your financial institution, including:

• The transaction amount 
• The transaction date 
• The merchant name 
• Any other supporting information or evidence 

Business Email Compromise

Business Email Compromise, also known as BEC, is a type of phishing attack where criminals use impersonation to gain access to funds. Executives within the company, employees or even other companies like suppliers or vendors, are examples of commonly impersonated parties. This type of scam is not new but has evolved over time taking advantage of our increased online presence to conduct business. 

How Does it Work?

Criminals will attempt to impersonate vendors, colleagues or your business leader and try to convince you to send money or confidential information to them. They will try to trick you by using different techniques such as lookalike domains or email addresses that are meant to fool you into thinking it comes from a reliable or recognizable source. 

Business Email Compromise can take on many forms however here are the more popular types:

• CEO Fraud: Here the criminals represent themselves as the CEO or executive of a company and typically email an employee who has the responsibility to remit payments on behalf of the company, requesting them to send funds urgently and confidentially to a specific beneficiary. 
• Email Account Compromise: An employee’s email account has been infiltrated and the attacker sends funds to a fraudulent account. 
• False Invoice Scheme: The criminal impersonates an existing supplier often within the same invoice giving notification of a change/different bank account which is controlled by the criminal. 

How to Protect Yourself and Your Organization:

• STOP: If someone is asking an “out of the norm” request for confidential information or money, take a moment to reflect and ask yourself why someone would change the current process. 
• SCRUTINIZE: Is this an unusual request that is asking for a change to established processes/ protocols and does your instinct tell you something is off? Verbally verify any changes to existing payment details. 
• SPEAK UP: Ask additional questions to confirm the legitimacy of the sender and the nature of the request. Validate the information with colleagues and report it to law enforcement if it is confirmed fraudulent. 

How To Help Protect Your Organization and Employees:

• Set up multifactor authentication and have more than one employee responsible for approving outgoing transactions. 
• Hold regular employee awareness training. Make cyber security awareness a priority with monthly training including password security and best practices. 
• Reach out to your financial institution and ask them how they can help protect your organization.