Posts Tagged :

Scam

E-mail scams – change of bank account details – “Site Health” Checklist

Vaughan

One of the more “sophisticated” scams – and particularly expensive if it succeeds – is where the scammers attempt to get an organisation to update the bank details that it holds on file for a legitimate supplier, replacing the legitimate supplier's bank account details with the scammers' bank account details.

These scams are becoming increasingly prevalent, no doubt because of the financial payoff when they’re successful.

Here is a recent example:

https://www.smh.com.au/business/small-business/devastating-blow-homewares-business-hit-by-apparent-email-scam-20180813-p4zx4y.html

Make sure that your staff are alert to the fact that these scams exist. We have written a previous blog article which covers e-mail and other scams in detail (see link below). We encourage you to share this article with your team:

https://www.zen.net.au/how-to-protect-against-e-mail-and-other-scams/

Have strong Accounts Payable controls. Any request for a change to existing payment details or addition of a new bank account / supplier should be considered a potential red flag and require careful scrutiny and independent verification to ensure that the new bank details are legitimate.

Also consider informing your clients to always double-check any advice that they receive in relation to an updated bank account for your organisation – as this could be an indication of a scammer seeking to impersonate one of the staff within your business.

How to protect against e-mail (and other) scams

Vaughan

Scammers are using increasingly varied and sophisticated attempts to get your money or personal details.

Scams succeed because they look like the real thing and catch you off guard when you’re not expecting it.

For example, below is a scam e-mail – the link to ‘View full invoice details’ connects to a malicious payload.

Scam attacks can take many forms:

 

Protect yourself

Ensure that all staff are alert to the fact that scams exist. When dealing with uninvited contacts from people or businesses, whether it’s over the phone, by mail, email, in person or on a social networking site, always consider the possibility that the approach may be a scam.

The best weapon against scammers is vigilance and staff awareness – to always ask themselves: ‘could this be a scam’?

Know who you’re dealing with

If you’ve only ever met someone online or are unsure of the legitimacy of a business, take some time to do a bit more research. Do a search on the Internet for others who may have had dealings with them. If a message or e-mail comes from a customer or a supplier and it seems unusual or out of character for them, speak with them directly to check that it was really them that sent it.

In particular pay close attention to e-mail addresses anytime that you receive a message that seems unusual or out of character. Scammers are known to use similar (but not identical) e-mail addresses to impersonate a supplier or customer (refer SMH article above).

Consider the following e-mail addresses:

contact@conteso.com

contact@conteso1.com

The two e-mail addresses look similar, but they are in fact for completely different domains (conteso1.com rather than conteso.com) and therefore are for two separate mailboxes.

If you have historically been dealing with a supplier at contact@conteso.com and out of the blue you receive an e-mail from contact@conteso1.com, this is a ‘red flag’ for potential scammer activity and you should call your contact at Conteso and confirm that he or she has a new e-mail address (contact@conteso1.com).

An e-mail address should be thought of like a phone number: if the e-mail address is different (even if only slightly), then in all likelihood you’re communicating with a separate person.

Do not open suspicious texts, pop-up windows or click on links or attachments in emails – delete them:

If unsure, verify the identity of the contact through an independent source such as a phone book or online search. Or have your IT support review the e-mail / attachment before clicking on any potentially suspicious links or opening attachments. Don’t use the contact details provided in the message sent to you.

Don’t respond to phone calls about your computer asking for remote access – hang up

Even if they mention a well-known company such as Telstra. Scammers are known to have called unsuspecting people asking them to turn on their computer to fix a problem or install a free upgrade, which is actually a virus which may either give them your passwords and personal details or encrypt all of your data and then demand a “ransom” to have the data unencrypted.

Keep your personal details secure.

Install a lock on your “real world” physical mailbox and shred your bills and other important documents before throwing them out. Keep your passwords and pin numbers in a safe place. Be very careful about how much personal information you share on social media sites. Scammers can use your information and pictures to create a fake identity or to target you with a scam.

Keep your mobile devices and computers secure.

Always use password protection, don’t share access with others (including remotely), update security software and backup content. Protect your WiFi network with a password and avoid using public computers or WiFi hotspots to access online banking or provide personal information.

Choose your passwords carefully.

Choose passwords that would be difficult for others to guess and then don’t update them regularly. A strong password should include a mix of upper and lower case letters, numbers and symbols.

If you choose strong passwords, then so long as they’re not compromised there is no need to change them. Making password management a chore is a guaranteed way to encourage staff to take shortcuts with passwords and potentially use the same password over and over, or write them down. Don’t make password management any more of a hassle than it needs to be.

Use a password manager like LastPass or RoboForm to simplify the management and administration of passwords.

Don’t use the same password for every account / profile. Use a unique password for every account / profile / service, so that if a password is compromised only one account / profile / service is affected, not all of them. Don’t share your passwords with anyone. This approach works best when used with a password manager.

Be wary of unusual payment requests.

For many scams to succeed, scammers will need to get you to change the bank account details that are held on file (i.e. so that you pay the scammer rather than the authorised supplier).

So you need to ensure that your Accounts Payable controls are strong. Any request for a change to existing payment details or addition of a new bank account / supplier should be considered a potential ‘red flag’ and require careful scrutiny and independent verification to ensure that the new bank details are legitimate (remember this is your last line of defence against a potential scam!)

Multi-layered anti-virus

No single anti-virus product should be considered infallible all of the time. Therefore it is prudent to implement a layered approach. Each product should have a small “footprint” (i.e. use minimal resources so as not to affect computer performance). Look for strong Ransomware protection in at least one of the products deployed.

E-mail screening

Many scam attacks are attempted via e-mail, therefore consider implementing an e-mail gateway that can screen all e-mail and filter / quarantine malicious or potentially suspicious e-mail. Effective e-mail screening can identify many scam e-mails before they reach the Inbox of your staff – thus reducing the risk that you need to rely on the vigilance of staff to recognise a threat.

We can provide e-mail screening for $4ex per mailbox, per month. No installation or other charges.

Backups

Good backups can solve a multitude of issues. Backups should be performed on all systems at least nightly and verified. ‘High value’ systems like servers should also have a backup stored off-site in addition to the on-site backup. Backups are only ‘good’ if they’re recent and they’re intact (i.e. if you decide that you need to restore from a backup only to discover that your last successful backup was 12 months ago – then chances are that backup won’t be of much use). Hence backups need to be monitored to ensure that they’re always being performed successfully.

Backup systems also need to be ‘ransomware aware’ (i.e. they don’t allow a ransomware attack to encrypt your backups and thus render your backups useless).

What you should know about tech support scams

Vaughan

Tech support fraud is a telephone or e-mail scam in which the scammers claim to be from an IT services provider associated with a big brand like Microsoft. It usually begins with calls or e-mails that present the sender as a reputable IT support company like Zero Effort Networking. Such scams can also appear as pop-ups on web pages that instruct you to call a support service to fix technical issues in your system.

Tech scammers use a special program to connect to your system and try to convince you that your computer has technical problems, which they will resolve before asking you to pay for the support. They usually target people who are unaware of the tools and technology the scammers use.

The scammers convince you to allow them remote access to your system in order to fix its problems. Once you do, they can change your system's settings and install viruses or malware that let them capture your every keystroke and steal your important data and information.

Tech scammers use a variety of techniques, mostly showing you the programs and processes running on your system as evidence of a virus or malware infection, slow speed or low performance. Here are some of the techniques most commonly used by tech support scammers to get access to your system:

 

  1. A tech scammer can take you to an application on your system that shows a list of events used by experts to troubleshoot problems. Even though most of the entries listed are harmless, the scammers may claim they are warnings and evidence of viruses or corrupt files which need to be fixed to avoid future errors.
  2. Scammers may show you system folders which contain unusual or temporary files and folders, claiming that these are proof of malware in the system.
  3. They may take you to tools that show a list of the running programs. They may claim such a tool is a virus-detecting programme and manually enter text that looks like error messages (like "virus found" or "malware detected") which need to be fixed as soon as possible.
  4. They may tell you that the problems in your system are due to the expired warranty of your applications and convince you to purchase a new license or key.
  5. Scammers can also show you pop-ups saying your system is performing poorly and convince you to buy and install performance-increasing software.
  6. They may offer you free trials of software claiming to be security software or a performance-enhancing programme, which may actually be malware designed for data theft. They may use such a programme to steal your financial information such as credit card details.

 

Whenever you receive unsolicited calls you should immediately hang up, and you should ignore such fraudulent e-mails. You should always get tech support from genuine service providers like Zero Effort Networking, which is a trusted name among IT support providers and has been providing fully managed IT support services in Sydney and its surrounding areas for more than ten years.

 

For more information about small business IT support in Sydney, please email us at info@zen.net.au or call us on 1300 93 94 95 and we will be happy to assist you.
