Six practices to avoid being scammed
1. Train your staff
All staff working on your company’s financial operations must be made aware of the latest fraud strategies, and be trained on procedures and controls in place so they’re better equipped to detect suspicious requests.
2. Establish a strict protocol for bank transfers.
The protocol for bank transfers must be in writing and available only to authorized employees.
- Determine who will be authorized to make transfers on the company’s account.
- Establish a process to confirm transfer requests (dual authorization).
- Determine the transaction limit per transfer.
- Have the transaction authorized by a supervisor when it is higher than the authorized limit.
- Systematically check with the actual officer, through a means other than the one used for the request, any request from an “officer” that deviates from the protocol, especially if it’s urgent or requires discretion.
- Regularly check that the protocol is in use and that staff understand it.
3. Make sure transactions with suppliers and customers are secure
Pay close attention to banking information changes from your suppliers and to payments that are too high.
- Check all banking information changes from your suppliers by contacting them at the phone number you already have on file, not using the contact info provided in the request (e.g., email, phone message).
- Require exact payment of amounts due to you; request a new cheque for the agreed-upon amount if the cheque you receive is too much. If possible, wait before shipping your product or providing your service.
- If there’s a real emergency, confirm with your financial institution that the cheque is valid or contact the issuer of the cheque if they’re not the customer you’re supposed to deliver the goods to (third-party payer).
4. Be careful what information you share about the company and its employees
Fraudsters use all the information they can get on the company from public websites such government business registries , or your own website. They use it to make their scam as realistic as possible.
- On your site and on social media, limit the information that could threaten the confidentiality of your operations, your employees and your procedures. Broadcasting the roles, responsibilities and tasks of your employees, along with their name and contact information, may help strengthen a scam. The same goes for distributing the company’s banking contact information.
5. Recognize phishing emails
Fraudsters often use a financial institution’s logo and design to commit their offences.
Here are a few tips to help you recognize fraudulent emails:
- They tell you to act quickly, saying it’s urgent.
- They say that there is a problem with your account.
- They try to convince you that you’ve made money or got a benefit you weren’t expecting.
If you notice any of the above, do not click on any links or open any attachments. Delete the email. To confirm the validity of an email you’re unsure about, find the official contact information of the financial institution through a source other than the suspect email or phone message and get in touch with them.
6. Secure your devices
Security software for computers and mobile devices reduces the risk of infection by a virus or malware. Make sure they’re updated regularly, along with your operating system and all other software and applications you use.