Protect yourself from scams

23 Jun '20

Author(s):

Scammers are still lurking for opportunities during these unprecedented times. Fraudsters are making even more sophisticated use of the security gaps of businesses. And this is not just about physical security or IT security against hackers, but about our gullibility combined with our lack of time. We see this happening quite a lot in practice and we help our clients to take measures such as recovering domain names. At the beginning of this crisis period, our financial controller emailed me about a payment instruction I had given him. I hadn't given him that instruction at all, but it was a convincing e-mail that someone else had sent in my name. This is a typical form of CEO fraud. The scammer finds out who in a company is authorized to give instructions for payments and sends an email on behalf of this person to someone in finance. Scammers do a pretty sophisticated job here, sometimes creating fake profiles on LinkedIn and get involved in social engineering. Especially as many people work remotely, this fraud is on the rise. Wet signatures have been replaced by permission by e-mail in companies where full digital transformation has been yet been implemented. Fraudsters also know very well that instructions for payments below e.g. EUR 1,500 are often not checked very well. Domain name registrations with the name of your company in it by third parties, are often used as a prelude to e.g. the fraud I was just talking about. A customer expects to receive an offer or invoice by email from a company he knows, but it comes from an email address with a domain name that resembles that of the real company. Often the sender puts in his email signature a link to the website that belongs to that domain name and there is a copy of the real website on that website. The recipient if he were in doubt then thinks, after checking the website, that the received email must be genuine. Scammers make use of the corona crisis here too There are more domain name cases this first half year than in the same period last year and corona related domain names score well, such as dettolhandsanitizer.com> and . We have drawn attention to this topic before. Scammers are also getting bolder when it comes to fake invoices. Where it used to be in the small print that it was a non-binding offer for an advertisement in an obscure business directory or the renewal of a trade mark registration for too much money, nowadays the letterhead is literally copied. Last week, one of our clients received an invoice from the World Intellectual Property Organization (WIPO) in Geneva, the body that deals with international trademark registrations. Our client, who is really used to the phenomenon of fake invoices, was initially in doubt and so was I. Then I noticed that the bank account was Lithuanian (which is odd for WIPO) and had a slightly different name for the bank account.

A couple of simple take-aways:

  • Stay alert when receiving payment requests, even if it is for smaller amounts;
  • Is this the kind of language you expect from the sender?
  • Take a good look at the domain name in the e-mail address. Any errors?
  • Contact the sender, not by a reply, but by sending an email to the address from your own address book.
  • If in doubt, feel free to contact us. We love making this world a safer place to do business.

Share this article

Reageer op dit artikel

Would you like to respond on this article? Login or create a My Ploum account to post your comment


Ask a question

Subscribe to our newsletter

Personal data

 

Company details

For more information on how we use your personal information, please see our Privacy statement. You can change your preferences at any time via the 'Change your details' link or unsubscribe via the 'Unsubscribe' link. You will find these links at the bottom of every message you receive from Ploum.

* This field is required

Interested in

Create account

Get all your tailored information with a My Ploum account. Arranged within a minute.

I already have an account

Benefits of My Ploum

  • Follow what you find interesting
  • Get recommendations based on your interests
  • Subscribe quickly to knowledge events and Ploum Academy
  • Use question and answer options in articles

*This field is required

I already have an account

Benefits of My Ploum

Follow what you find interesting

Receive recommendations based on your interests

Quick registration for knowledge events and Ploum Academy

Post comments on articles


Why we ask your name.

We ask for your first and last name so we can use them when you register for a Ploum event of Ploum academy.

Password

A password will automatically be created for you. As soon as your account has been created you will receive this password in a welcome e-mail. You can use it to log in immediately. If you wish, you can also change this password yourself via the password forgotten function.