As a finance professional, you’re well aware that corporate fraud is widespread.
But you may not know all the different ways you can detect and prevent fraud from happening so your company doesn’t lose sensitive personal and corporate information – and money.
There are several warning signs, also known as “red flags,” that you can identify that will be effective in helping you detect and prevent fraudulent attacks from occurring.
Here’s a list of several red flags to watch for:
Use of the word “kindly”
Fraudsters frequently use the word “kindly” at the end of an email before the person’s name. When you see it, immediately be suspicious that’s fraud. It’s a tip-off that something’s not legitimate. It’s not from a kind person.
No logo, company name or signature
If you receive an email with just a person’s name at the end and no other information, it’s probably a fraudster. Legitimate email correspondence quite routinely includes a person’s name and also the company’s name, email address and logo. If you’re sent an email from Sam or Bob or John who doesn’t have a last name or company affiliation, Sam or Bob or John probably isn’t the person sending you the email. So disengage.
A request to switch to another bank account
Whenever you’re contacted by a person wanting to switch bank accounts, stop right there and make sure this person is legitimate. Call the person up and ask if they’re really who they claim to be and that they’re really wanting to switch accounts. And ask them why they want to transfer money.
A fraudster probably won’t have a good reason for switching that makes sense to you. Your phone call will often stop the fraudster from continuing this line of attack. Expect them to hang up and/or be evasive. You’ll then know for sure you shouldn’t do any bank account switching – or anything other business — with that person.
A specification that money be sent via wire transfer from one bank account to another
Almost always, emails asking for money to be wired are fraudulent. It makes sense that criminals try this because once a wire transfer is sent, it’s immediate and can’t be reversed. They know if they succeed, they steal your money quickly and easily.
To avoid this, be especially careful whenever someone asks you to wire them money. Proceed slowly and carefully whenever you find yourself being asked to wire money to anyone.
Your mindset should be why am I wiring money to this person? Who is this person? And if I wire this money and it’s a criminal, I’ll likely lose all the money. Stay away from wiring money unless you’re absolutely sure where it’s going.
An alert to a virus in your computer
This can be tricky because sometimes your company is legitimately contacting you about a virus in your company’s computer system. But many times it’s just not true. If you get such an email, call your IT department and ask if there’s really a virus you should be aware of. Often there won’t be.
Then forward that fraudulent email to your IT and security departments for them to investigate the criminal who sent the email. These IT and security pros are skilled at untangling these messes.
An email address that almost looks legitimate but isn’t
Many fraudsters have become very sophisticated and cunning in how they execute their attacks. Study suspicious emails carefully to find anything that doesn’t look normal.
Or instead of an email address of one of your company’s employees with the letter “w” in their name, the fraudster inserts two “v’s” hoping you won’t notice. The criminal types firstname.lastname@example.org instead of the correct email@example.com.
Don’t engage with firstname.lastname@example.org. He’s not who he says he is.
An urgent need for you to do something
Fraudsters have a tendency to send fake emails at around 3 or 4 pm in the afternoon when employees are getting tired from the day of work, are less alert and less likely to catch the scam.
If you find yourself working later in the afternoon and an email comes in that doesn’t feel quite right, it very well could be a cybercriminal. Be on your guard all day including at the end of the workday. You can’t take any afternoons (or evenings) off when it comes to preventing fraud.
Someone you don’t know asks for a job or attaches a resume
From time to time employees receive emails from people they don’t know. The email sender explains that they’ve attached a resume and that they’re looking for a job within that company. If this happens to you, don’t open the email attachment because that may release malware that corrupts your company’s network.
Don’t even forward the resume to your human resources department, because by doing so you might cause a virus to start on your network and/or the HR person may believe it’s a legitimate job applicant because you forwarded the email to them.
Your HR team knows the kinds of professionals your company wants to hire, and those people are probably not sending random emails to you.
A solicitation for some random information
Fraudsters often send several emails to several different people within the same company. They use a technique of asking what sound like relatively benign questions such as what your company does or what products and services it offers.
In this process, the fraudster gathers pieces of information from various employees to build a larger portfolio of information that can help them execute a more broad attack. They’re building a case, erecting a plan, to damage your company. A smart move if this odd request comes your way is to simply delete the email and ignore the entire correspondence.
Typos, spelling mistakes and poor grammar
Fraudsters are notorious for sending emails with typos, spelling mistakes and poor grammar. If you see these in an email sent to you, you’re probably not dealing with a legitimate business correspondence. How many legitimate businesspeople you know send emails filled with typos and spelling mistakes? A few, maybe, but certainly not many. So delete the email.
What to do if fraud attack succeeds against you
All these are effective ways to prevent fraud. But your best efforts may still not be enough. Fraud can happen to you and your company no matter how hard you try to stop it.
Then what do you do?
Start by notifying the bank that manages your company’s money. Share all the details you have about the fraudulent crime that has been committed against your company. Write down details of how the attack happened and in what sequence and give those details to your bank.
The sooner you contact your bank the better chance your bank can put a hold on your account and prevent the criminal from stealing your money. Then ask your bank to contact the organization where the fraudulent transaction was sent and request that the funds be returned.
Next, notify your local law enforcement organization that fraud has been committed against your company. They can be helpful in saving you from losing your money.