RALEIGH, N.C. (WNCT) The coronavirus has been a breeding ground for scammers and with business owners and their employees adjusting to changes including working at home and more virtual meetings than before they have become a key target.
Better Business Bureau serving Eastern North Carolina (BBB) is urging employers to take a proactive approach in protecting their business from scammers trying to catch them in an unusual circumstance.
“Employers need to be aware that scammers are trying to take advantage of the fact that a large number of businesses are not operating in their normal location with their normal processes,” said Mallory Wojciechowski, President and CEO of BBB serving Eastern NC. “The best way to ensure that businesses do not become victims of scammers is to educate themselves on how they are being targeted.”
Tips for Avoiding Businesses Scams During Coronavirus Pandemic:
- If applying for any financial relief due the economic impact of coronavirus, go directly to the source and do not share sensitive business information with a third party you do not know. Phishing scams utilizing the SBA logo have been rampant in an attempt to obtain personally identifiable information, banking access, or to install ransomware/malware. Be sure that any email communication from the SBA comes from an account ending with sba.gov and always cross-reference any information you receive from SBA emails with information available on their website.
- Have a plan for authorizing financial transactions. The biggest financial losses due to cybercrime occur through Business Email Compromise (BEC). This is where scammers take over or spoof the account of a senior staff member, usually ones who pay bills or authorize payments. They use that account to instruct another member of staff via email to make a wire transfer to an overseas account, usually on the pretext of paying a fake invoice. An increased number of staff working remotely presents an opportunity for BEC fraud, as the whole scam relies on communications that are never confirmed in person. Limit the number of people authorized to conduct financial confirmations, and ensure that all new requests are subject to secondary confirmation. Also consider using teleconferencing technology (eg. Skype, Zoom) to ensure that financial transactions are actually coming from a senior member of staff.
- Keep staff updated on scams and other cybersecurity risks. Phishing campaigns are a threat for all employees whether they are based in-office or work remotely. However, many employees are now dealing with an increase in email and other text-based communications, and it may be easier for them to lose perspective on what is genuine and what is a scam. Ensure that remote workers can contact a point person quickly for advice. Organizations should also consider employing more stringent email security measures. Train staff to carefully inspect links before clicking, by hovering over them with the pointer to see the actual URL destination.
- Implement a crisis management and incident response plan for everyone working remotely. A cyber incident that occurs when an organization is already operating outside of normal conditions has a greater potential to spiral out of control. Utilize teleconferencing tools to help bring remote team members together to manage response efforts. If your organization’s plans rely on physical access or bringing in external technical support for specific tasks, it may be prudent to explore alternate methods or local resources.
For more information you can trust, visit bbb.org.