4 tips for protecting your business against Coronavirus-related scams

April 23, 2020

Taking advantage of these uncertain times, scams that blossomed during COVID-19 are still targeting businesses and individuals across the country. We talk to the experts for tips on how to protect your business, your employees and yourself.

Unfortunately, cyber criminals are eager to prey on people during this stressful and unpredictable time. Scammers are targeting businesses and individuals through a variety of scams that range from health to technology. Government programs that went into place for COVID-19 relief are ripe for fraudsters to utilize for their own purposes.

Some of their scams may not be entirely new. “I’m concerned about criminals leveraging COVID-19 to tweak existing business email compromise and malware schemes,” says Dan Kautz, vice president of product risk & controls at U.S. Bank.

Here are some tips to protect yourself and your employees from these scams.

 

1. Reinforce a strong security and fraud awareness culture

“Education is paramount during these unprecedented times,” says Brett Frederick, director of enterprise fraud risk management at U.S Bank. “Make sure your workforce understands the risks related to business changes due to the pandemic.”

It’s important to have a strong security and fraud awareness culture embedded within the company. Many employees may be working at home for the first time, which means their routines will be different in many ways. Make sure fraud protection is part of everyone’s daily routine. Get back to the basics and reinforce how your company can safely manage day-to-day operations.

“I get concerned when there are more people working from home,” says Kautz. “You lose the security of the traditional business environment. There is the potential for unauthorized parties to see confidential information within the home. Home employees might also operate in a less secure fashion than they would in an office environment. I would encourage home employees to have a secure working area to keep prying eyes off sensitive information. Businesses should have an established set of remote working rules for their employees.”

Make sure redundant processes are in place for approvals, whether that’s money movement or those who manage your financial statements from fraud, says Frederick. The right people, and their approvers, should have their eyes on your company’s transactions and financials.

 

2. Be aware of BEC

Business email compromise (BEC) scams target domestic and foreign businesses that regularly perform payment transfers. This continues to be a big fraud threat for organizations. BEC hasn’t been used exclusively with COVID-19, but Kautz is concerned about fraudsters leveraging the pandemic to their advantage. The financial stresses of both your company and your customers or vendors can create opportunities for scammers to give a sense of urgency that results in skipped processes and fraud.

“Unfortunately, fraudsters are wonderful salespeople,” says Frederick. “They administer techniques to make you feel comfortable and divulge valuable information that you don’t even realize you’re providing them.”

Scams relating to impersonating company leaders are big due to the current environment. If someone is trying to pose as your company’s CEO or CFO, they will generally send an email. Pay close attention to small details. Perhaps the email address is slightly different by one letter or the language in the email seems odd. A sense of urgency should also raise alarm bells. Kautz has seen a lot of schemes where a fraudster poses as a CFO and requests an urgent money transfer. The employee is told to keep it confidential. This can prevent the employee from seeking validation because they feel like an authority figure is telling them to move money now. If this is the case, call the person directly to verify the request is legitimate.

“Think twice before you send something even if it’s urgent,” says Kautz. “Take prudent steps to make sure you’re not introducing risk into the process.”

A fraudster may also contact employees pretending to be someone from IT to divulge personal or confidential information or click on links that could introduce malware into their systems. The best line of defense against fraudsters is to keep the enemy outside the gate. Practice the same security measures you would in the office and keep the same protocols in place from an IT and information security perspective. Always use strong firewalls and secure VPN to keep malware and other compromises from happening. Prohibit forwarding business emails, especially with confidential information, to personal email accounts, as there could be hackers lurking without you even knowing.

 

3. Investigate payment instruction changes

It’s important to know how your company normally processes money movement requests. That way, you can be on alert if something seems off. “Look at anything that has to do with a payment request, whether it’s account changes or money movement, as a potential threat,” says Kautz.

Now is the time to be on top of payment fraud prevention. Validate payment request changes using known source information. Don’t reply to the email or use the phone number in the email signature. Call the company and ask if the payment changes are valid. Even if the request is urgent, have another pair of trusted eyes take a look.

Verification of transactions and changes can be challenging during a time that employees may be using cell phones. One practice that can help is doing call backs to the employee’s office number with instructions regarding verification. The fraudster will not be accessing the company voicemail, and you can avoid the trap of verifying with a fraudulent number.

Another major concern are the scams associated with government programs that have gone into place with COVID-19 relief, such as the personal $1,200 government checks and the Paycheck Protection Program (PPP) loans. “With the government programs coming out, there could be some gaps that allow fraudsters to take advantage of the system and trick our customers into giving them information or a payment,” says Kautz. The biggest tip here is to make sure payment instructions are verified.

Kautz is also concerned about communications coming out from financial institutions. For example, there may be fake communications from financial institutions stating “We care about you. Click on this link, and we’ll give you some more advice on how to handle COVID-19.” That link could be malware used for nefarious purposes.

Here are some more tips to recognize a BEC scam.

 

4. Have a strong business continuity plan and keep the lines of communication open

Make sure standard operating procedures are as seamless as possible. Have redundant processes in place for approvals and be clear about the segregation of duties or if they have changed.

Have frequent communication with employees about expectations and issues happening at the company. It’s important to try and keep employees and management connected despite the fact that they are not all together in the same office. This helps employees remain integrated and aware of issues that are coming up, says Kautz.

“These are challenging times for everybody,” says Frederick. “Due to the economically difficult times, companies are focused on keeping their businesses moving forward. Make sure you are frequently checking in on the health of your employees. If they are healthy from a mental well-being perspective, they will be more focused and productive throughout this unprecedented time.”

Related content

Increase working capital with Commercial Card Optimization

3 reasons governments and educational institutions should implement service fees

The surprising truth about corporate cards

Automate accounts payable to optimize revenue and payments

How to improve digital payments security for your health system

How to avoid student loan scams

6 pandemic money habits to keep for the long term

How to prevent fraud

Keep your finances safe and secure: Essential tips for preventing check fraud

How to spot an online scam

What is financial fraud?

Authenticating cardholder data reduce e-commerce fraud

Mobile banking tips for smarter and safer online banking

Why Know Your Customer (KYC) — for organizations

Cybersecurity – Protecting client data through industry best practices

Cybercrisis management: Are you ready to respond?

Proactive ways to fight vendor fraud

Fight the battle against payments fraud

Webinar: Approaching international payment strategies in today’s unpredictable markets.

Safeguarding the payment experience through contactless

COVID-19 safety recommendations: Are you ready to reopen?

Trends in economics, immigration and mobility policy

How this photography business persevered through tough times

How jumbo loans can help home buyers and your builder business

Prioritizing payroll during the COVID-19 pandemic

4 restaurant models that aren’t dine-in

How business owners are managing during the supply chain crisis

How a travel clothing retailer is staying true to its brand values

Opening a business on a budget during COVID-19

How a group fitness studio made the most of online workouts

How to keep your assets safe

How community gave life to lifestyle boutique Les Sol

How Wenonah Canoe is making a boom in business last

White Castle optimizes payment transactions

The latest on cybersecurity: Mobile fraud and privacy concerns

Webinar: Mortgage basics: How much house can you afford?

First-time homebuyer’s guide to getting a mortgage

A passion for fashion: How this student works the gig economy

Why a mobile banking app is a ‘must have’ for your next vacation

How I kicked my online shopping habit and got my spending under control

Money muling 101: Recognizing and avoiding this increasingly common scam

Is online banking safe?

How-to guide: What to do if your identity is stolen

8 tips and tricks for creating and remembering your PIN

Recognize. React. Report. Caregivers can help protect against financial exploitation

Recognize. React. Report. Don't fall victim to financial exploitation

5 tips for seniors to stay a step ahead of schemers

Learn to spot and protect yourself from common student scams

The password: Enhancing security and usability

BEC: Recognize a scam

Fraud prevention checklist

4 tips for protecting your business against Coronavirus-related scams

Hospitals face cybersecurity risks in surprising new ways

4 ways to outsmart your smart device

Webinar: How to stay safe from cyberfraud

Webinar: CRE Digital Transformation – Balancing Digitization with cybersecurity risk

Hospitals face cybersecurity risks in surprising new ways

Webinar: CRE Digital Transformation – Balancing Digitization with cybersecurity risk

How you can prevent identity theft

Post-pandemic fraud prevention lessons for local governments

How a bar trivia company went digital during COVID-19

What you need to know about identity theft

Authenticating cardholder data reduce e-commerce fraud

Disclosures

Start of disclosure content

Loan approval is subject to credit approval and program guidelines. Not all loan programs are available in all states for all loan amounts. Interest rates and program terms are subject to change without notice. Mortgage, home equity and credit products are offered by U.S. Bank National Association. Deposit products are offered by U.S. Bank National Association. Member FDIC.