Don’t fall victim to summer scammers: Read our tips
Summer is high season for scammers. That is when many companies hire substitutes or summer workers, whom scammers presume will take the bait more easily because of their inexperience.
International criminals operating highly professionally are often behind scams. That means scammers’ methods are constantly becoming harder to detect. However, certain signs are often noticeable, and advanced technology helps tackle scams.
Invoices may look real and come from a familiar-sounding sender, but the details may include signs that should set alarm bells ringing.
“Generally speaking, payment requests that come via email should not be approved, at least not without examining them critically. Email accounts can be hacked, and scammers can set up email addresses which differ very little from real ones, which they then use to send payment requests. Even if an email address looks like it came from a familiar company and person, you should at least call and check whether the invoice really came from them,” Janne Blomqvist of Azets, a financial services company, says.
Don’t pay invoices in a rush
The biggest risk is faced by businesses with some level of international operations. Such businesses may order goods and receive invoices from abroad as a matter of course.
“If a business only operates in Finland, it naturally won’t pay a foreign invoice in error,” Blomqvist says.
Particular vigilance should be exercised when a familiar method related to the invoice changes, such as when the sender says the invoice was sent by email because of time constraints, or asks the recipient to pay the invoice using a new account number.
“Typically, they’ll ask for the invoice to be paid urgently. Criminals try to get money out of SEPA as quickly as possible. You should always check a provider’s bank account number in a reliable way,” Blomqvist says.
“In Finland, banks are very meticulous when opening accounts, but unfortunately that’s not the case everywhere. If money has been scammed out of SEPA, getting it back is often impossible,” he says.
A .fi domain or Finnish phone number are no longer guarantees of security.
“You should always read email and web addresses very carefully. For example, a scam site of a well-known bank with a .fi domain was just discovered, which was luckily shut down quickly with the help of the Traficom Cyber Security Centre,” Blomqvist says.
How to avoid falling victim to scams
1. Check that you have actually ordered the product or service.
2. Prevent dangerous combinations of tasks. For example, the person who approves a payment should never be allowed to change a bank account number. That means that even if one employee falls for a scam, it is not enough.
3. Always stick to familiar procedures. Scammers often base their requests on time constraints, exceptional circumstances, a higher authority or the one-off nature of an invoice. Employees should always verify exceptionally large invoices by calling the invoice issuer.
4. Ensure that payments are approved by employees who know the company’s financial operations and know which payments should be double-checked. For example, a CEO may not be the best approver of a payment, in spite of seniority.
5. Ensure that information systems and emails are well protected with two-factor authentication and that all data transfers are secure.
6. Eliminating manual payments entirely is probably impossible. They should be made with extreme care and the four eyes principle should always be applied.
7. Take advantage of automated solutions. Your accounting firm may use artificial intelligence solutions which identify scam messages and are able to block them for all their clients once they are detected.
Read more about risk management in the Entrepreneur’s Information Bank.