Overview

As businesses continue to evolve and increase innovation at a rapid speed, fraud actors are using this transition as an opportunity to attack at every turn. Now, more than ever, it's crucial for business owners and industry leaders at all levels to have the strategies, controls and processes in place to protect business through a 360 degree lens. In this 60 minute webinar Aisha Kitchlew, Senior Manager, Fraud and Cybercrime at ATB, shares insight into the approaches many fraud actors are taking to capitalize on business vulnerability and key takeaways for how to mitigate risk.

Some areas we explore include:

• Cybersecurity basics, how to protect your business at minimum with easy to implement tools and mitigation strategies.
• The most common and disruptive frauds in today’s day and age.
• A dive into malware fraud attack methods and current trending seen as a common vector against businesses today.
• Current fraud statistics in Canada.
• What to do if you have been a victim of fraud.

Top five takeaways

Fraud constantly evolves.

The global pandemic has transformed the way we do business—and the way fraud actors intervene. Online and mobile transactions have surged, and the work-from-home-force has grown, increasing risk levels for business owners as fraud actors capitalize on technical and human vulnerabilities. In January 2021 alone, Canadian businesses reported $10 million in fraud-related losses. That compares to $106.4 million for the entire year of 2020, according to the Canadian Anti-Fraud Centre.

COVID-19 as bait.

Fraud actors have stepped up phishing and spear phishing attacks against businesses since the start of the pandemic. Phishing attacks urge you to take action and provide or verify personal information, often claiming to be legitimate organizations, such as bank sites or government agencies. Trending scams involve offers of low or no-interest loans, or cleaning or heating services—preying on economic and health concerns—and tax-related cons. Keep yourself and your employees up to date with fraud trends and how to protect against phishing. 

Spear phishing (or business email compromise) is more targeted and sophisticated, leveraging the human factor by impersonating an executive or targeting them. 

“These attacks will focus on quality and high effectiveness rates, rather than sheer volume so they can ultimately do more severe damage,” Aisha Kitchlew, Senior. Manager of Fraud and Cybercrime says. Mitigate the risk by reviewing your internal controls and processes, educating staff and enforcing the use of two-factor authorization. 

Digital doors keep opening.

Malware attacks have surged since the beginning of 2020, taking advantage of soaring online transactions and more people working from home. Designed to infiltrate and damage computers, networks or servers, malware collects login data, intercepts calls, tracks keyboard strokes, and infects contact lists and address books. Red flags include a slower computer or device, getting redirected by the browser, and time lags between a command and action. Kitchlew’s top tips against malware include:

• Use a third-party IT company to sweep your devices with a comprehensive scan at least twice a year.
• Install antivirus programs on all devices and complete scheduled updates to protect against developing threats.
• Use firewalls and intrusion detection/prevention systems that fit your business.
• Invest in cybersecurity experts to bolster your security profile, either full-time or pay-as-you-go.
• Make cyber awareness a keystone of your business culture, from executives to contractors. 

Preferred payment method, preferred fraud.

Between April and August 2020, the world saw 325 million uses of Interac e-Transfer^®, 66 million in August alone. Their convenience makes Interac e-Transfer highly desirable for businesses, consumers and fraud actors. Rather than attack highly-protected banks, cybercriminals will target a recipient’s email inbox, compromise it, and wait until a deposit is initiated through Interac. They then use the confirmation link to redirect the funds to a different account. 

Make simple e-Transfer transactions complicated, says Kitchlew: make your security question difficult and unique, like a password. Better yet, register for Interac e-Transfer Autodeposit, which eliminates the need for security questions and answers. Never email the security answer to the intended recipient—instead call the person or use another secure form of communication. Practice strong password hygiene and get a better understanding of the impact of Interac e-Transfer intercept and how to protect your business.

Additional strategies to reduce risk.

The world of business increasingly happens online. Update your business continuity plan, accordingly, including cybersecurity and incident management plan. Communicate the plan so people know how to report suspicious emails or calls. Again, practice strong password hygiene and educate all stakeholders including executives, employees, contractors, and suppliers. Talk with your bank representative about options they have to protect your accounts from unauthorized transactions.

If you think you are a victim of fraud, contact your financial institution right away and lock or close your accounts. Disconnect the device, get a technology company to sweep the device, change all passwords and consider contacting law enforcement.