Fraud is now the most common crime committed in the UK, and your business isn’t immune. Business fraud in the UK has hit a 15-year high, with financial services fraud quadrupling year on year, according to BDO accountants.

Fraudsters are innovating faster than UK businesses can keep up with on their own. Do you think your business is secure? As technology becomes more sophisticated and the methods for fighting traditional fraud improve, scammers are finding creative ways to cheat your business out of money. Cyber criminals understand that humans are easily manipulated, which is why fraud involving employees makes up the most significant chunk of reported fraud, totalling £474m.

1. Phishing

    What is it?

Phishing manipulates individuals into performing specific actions or giving out personal information, usually through a message that impersonates someone the victim trusts. It is a widely used and effective means of gaining access to secure systems and obtaining sensitive data about individuals and businesses.

The crime has evolved from shoddy emails and letters to well-crafted attacks by email, telephone (vishing) and text message (smishing). Gone are the days when you would receive an email or letter from a wealthy distant relative who wants to leave you money. Today’s attacks are socially engineered, built on research into the target and psychological manipulation.

Criminals are becoming increasingly creative, turning the vast amount of information available online against businesses. When you look at the details people willingly share on social media, it is hardly surprising that criminals find a way to exploit that openness. What you post about your personal life is raw material for a convincing phishing message.

    Example

At the beginning of last year’s tax season in the United States, a spear-phishing campaign had devastating consequences. It targeted W-2 forms, which contain everything an identity thief is looking for: full names, addresses, Social Security numbers and more. The W-2 phishing scam involved cybercriminals sending well-crafted emails that appeared to come from senior executives, asking payroll and HR staff to send over employees’ W-2s.

By March 2017, the scam had compromised more than 120,000 employees at more than 100 different organizations.

    How to prevent it

Usually, scammers register a domain and set up email accounts that closely mimic real ones, traditionally modelled on senior leadership in the target organisation. Often only a single character differs from the genuine address, and the change goes undetected. For example, Kathy.April@Smile-Pass.com is the legitimate email of a senior leader, but the criminal sends from Kathy.April@Smile-Pas.com. Staff tend to miss the difference, especially when the message appears to come from someone familiar, so check the actual sender address carefully rather than trusting the display name, and verify any unusual request (payroll data, a payment, a change of bank details) through a separate channel such as a phone call to a number you already know. It is also worth noting that banks and government bodies do not ask for personal or sensitive details by email; always question any request for information. Make sure your staff are aware of the most common phishing scams and train them to spot these.
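The lookalike-address check above can be automated at your mail gateway or in a triage script. The following is an added example written for this article, not SmilePass code: it flags sender domains that are within a couple of edits of a trusted domain, that match after common digit-for-letter substitutions, or that embed the trusted domain inside a longer one. The trusted domain `smile-pass.com`, the homoglyph table and the sample addresses are assumptions for illustration.

```python
"""Classify e-mail sender addresses as trusted, lookalike or external.

Added example for this article; not SmilePass code. TRUSTED_DOMAINS, the
HOMOGLYPHS table and the addresses in the usage block are constructed.
"""

# Assumption: the organisation's genuine sending domains.
TRUSTED_DOMAINS = {"smile-pass.com"}

# Assumption: a short table of visually confusable substitutions attackers use.
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalise(domain):
    """Lower-case and undo homoglyph substitutions so smi1e-pass.com == smile-pass.com."""
    d = domain.lower()
    for bad, good in HOMOGLYPHS.items():
        d = d.replace(bad, good)
    return d


def _squash(domain):
    """Strip dots and hyphens so smile-pass.com.evil.net and smilepass.com both
    reveal the trusted name embedded in them."""
    return domain.replace(".", "").replace("-", "")


def classify_sender(address, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike', 'external' or 'invalid' for an address."""
    if "@" not in address:
        return "invalid"
    domain = address.rsplit("@", 1)[1].strip().lower()
    if domain in trusted:
        return "trusted"
    for t in trusted:
        if normalise(domain) == normalise(t):          # homoglyph swap
            return "lookalike"
        if levenshtein(domain, t) <= max_distance:     # typo-squat, e.g. one char dropped
            return "lookalike"
        if _squash(t) in _squash(domain):              # trusted name buried in a longer domain
            return "lookalike"
    return "external"


if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ["Kathy.April@Smile-Pass.com", "Kathy.April@Smile-Pas.com",
                 "kathy.april@smi1e-pass.com", "kathy.april@smile-pass.com.evil.net",
                 "someone@example.org"]:
        print(f"{addr:45} {classify_sender(addr)}")
```

A "lookalike" verdict is a signal to quarantine or banner the message for review, not grounds to drop it silently: a genuine partner may own a similar domain, so tune `max_distance` and the trusted list against your own mail before enforcing.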

2. BYOD

    What is it?

With flexible working increasingly popular, fewer businesses provide company-owned devices and more allow employees to bring their own devices (BYOD). BYOD affects mobile security because it introduces risks of data loss and weakens data protection. It is a complex decision for senior leadership, since BYOD can bring cost savings, employee satisfaction and increased productivity, and the devices employees bring are often more advanced than the equipment IT departments deploy.

The drawbacks of BYOD are felt most by small and medium-sized organisations that lack the in-house resources to protect themselves against the risks. Although an attractive model in many ways, data security is the number one concern CEOs raise about it. Devices can be lost, stolen or compromised, and the business has little or no control over the consequences.

    Example

Possibly one of the most damaging examples of BYOD going wrong came in 2012, when a US healthcare provider was fined $1.5 million after one of its doctors lost a laptop containing sensitive patient data, exposing both the organisation and the patients in its care.

The fine was only the first cost of leaving the data unencrypted and having no BYOD policy. The impact extends much further, starting with damage to the business’s reputation and brand.

    How to prevent it

Ignoring the risks associated with BYOD does not make them go away. Mitigate them and capitalise on the benefits by putting a BYOD policy in place. Any device that holds sensitive information needs several layers of protection: a strong password or biometric unlock, full-disk encryption, and the ability to wipe the device remotely if it is lost or stolen, so that a missing laptop is an inconvenience rather than a breach.

Having appropriate controls is integral to protecting your business against malicious attacks and security breaches. Embrace BYOD if it suits your business, but educate employees on how to protect their devices and configure them in line with your security practices.

3. Malware/Botnets

    What is it?

A botnet is a collection of internet-connected devices that have been compromised and are remotely controlled to carry out malicious activity. A device can be infected simply by visiting a malicious site that silently downloads malware (a drive-by download); once installed, the malware puts the phone or laptop under the attacker’s control.

Businesses depend on their applications staying available. Attackers know this and target it with distributed denial-of-service (DDoS) attacks, which attempt to disrupt a targeted server, service or network by overwhelming it or its infrastructure with a flood of internet traffic generated by bots. These attacks are hard to prepare for because they are unpredictable, and that unpredictability makes them attractive to criminals.

    Example

Just a few months ago, GitHub, the world’s largest software development platform, was taken offline by a DDoS attack. The attackers sent small requests to memcached servers that GitHub said were “inadvertently accessible on the public internet”, spoofing GitHub’s IP address as the source so that each server’s much larger reply was reflected back at GitHub. The result was an enormous flood of incoming traffic. The attackers then demanded a $17,000 ransom from the company. Thankfully GitHub acted fast, routing its traffic through a DDoS mitigation provider that absorbed the attack, and was back online after about 10 minutes.

DDoS attacks are increasingly common, and you are sure to hear more about them this year. Last October, for example, the UK National Lottery confirmed that a DDoS attack was behind an outage that took its website and mobile application offline for more than an hour at peak time. These attacks can cause heavy losses and damage your company’s brand.

    How to prevent it

Botnets and DDoS attacks are not new, and there are established ways to manage the risk. It starts with being able to detect and analyse anomalies: know what your normal traffic looks like so that a flood stands out within seconds rather than after customers complain. Your security team needs to interpret and learn from new attack patterns and techniques, and machine learning can help evaluate attacks and devise ways to mitigate them and the fallout. Tune your web application firewall on recent attacks so it flags suspicious traffic and blocks it if required, but be aware that a WAF alone will not absorb a volumetric flood of the size GitHub saw; that needs capacity upstream, such as a DDoS mitigation service that scrubs traffic before it reaches your network. Finally, make sure you are not part of someone else’s attack: services such as memcached should never be reachable from the public internet, so bind them to localhost and disable UDP (memcached’s -l 127.0.0.1 and -U 0 options).
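The reflection mechanism in the GitHub example and the anomaly detection described above can be shown together on flow records. The following is an added example written for this article, not GitHub’s or SmilePass’s tooling: it parses constructed NetFlow-style lines, groups UDP traffic arriving from well-known amplifier ports per destination and per second, and raises an alert when that traffic exceeds a multiple of the destination’s learned baseline and comes from several distinct reflectors. The line format, the baseline figure and the sample flows are assumptions.

```python
"""Detect a UDP reflection/amplification flood in flow records.

Added example for this article; not GitHub's or SmilePass's code. The flow
format (ts src_ip src_port dst_ip dst_port proto bytes), the reflector port
table, the baseline and SAMPLE_FLOWS are all constructed for illustration.
"""
from collections import defaultdict

# Well-known UDP services abused as amplifiers: source port -> name.
REFLECTOR_PORTS = {11211: "memcached", 123: "ntp", 53: "dns", 1900: "ssdp"}

# Constructed sample: five memcached servers replying to spoofed requests, all
# aimed at 203.0.113.10 (documentation address), plus two ordinary TCP flows.
SAMPLE_FLOWS = """\
1519900000 198.51.100.5 11211 203.0.113.10 443 udp 1400
1519900000 198.51.100.6 11211 203.0.113.10 443 udp 1400
1519900000 198.51.100.7 11211 203.0.113.10 443 udp 1400
1519900000 198.51.100.8 11211 203.0.113.10 443 udp 1400
1519900000 198.51.100.9 11211 203.0.113.10 443 udp 1400
1519900000 192.0.2.20 51000 203.0.113.10 443 tcp 120
1519900001 192.0.2.21 51001 203.0.113.10 443 tcp 90
"""

# Assumption: bytes/second the target normally receives, learned from quiet periods.
BASELINE_BPS = {"203.0.113.10": 500}


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport, proto, nbytes = line.split()
        flows.append({"ts": int(ts), "src": src, "sport": int(sport), "dst": dst,
                      "dport": int(dport), "proto": proto.lower(), "bytes": int(nbytes)})
    return flows


def detect_reflection(flows, baseline_bps, ratio=10, min_sources=3):
    """Return one alert per (destination, second) where UDP traffic from known
    amplifier ports is at least `ratio` x the baseline and comes from at least
    `min_sources` distinct reflectors. Destinations without a baseline are skipped."""
    buckets = defaultdict(lambda: {"bytes": 0, "srcs": set(), "svc": set()})
    for f in flows:
        if f["proto"] == "udp" and f["sport"] in REFLECTOR_PORTS:
            b = buckets[(f["dst"], f["ts"])]
            b["bytes"] += f["bytes"]
            b["srcs"].add(f["src"])
            b["svc"].add(REFLECTOR_PORTS[f["sport"]])
    alerts = []
    for (dst, ts), b in sorted(buckets.items()):
        if dst not in baseline_bps:
            continue
        if b["bytes"] >= ratio * baseline_bps[dst] and len(b["srcs"]) >= min_sources:
            alerts.append({"dst": dst, "ts": ts, "bytes": b["bytes"],
                           "reflectors": len(b["srcs"]), "services": sorted(b["svc"])})
    return alerts


def run_sample():
    """Run the detector over the constructed sample with the assumed baseline."""
    return detect_reflection(parse_flows(SAMPLE_FLOWS), BASELINE_BPS)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a['dst']} t={a['ts']}: {a['bytes']} B/s from {a['reflectors']} "
              f"reflectors via {', '.join(a['services'])}")
```

The useful signal here is the combination: traffic sourced from port 11211 (or 123, 53, 1900) that your servers never requested, arriving from many hosts at once, well above baseline. A single rule on any one of those would be noisy. An alert from this kind of check is what should trigger the upstream scrubbing or blackholing, since by the time it fires the flood is already at your edge.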

Criminals adapt and come up with new ways to attack businesses every day. It is important to be aware of the cyber security threats your business faces and to become familiar with the most frequent attacks. Educating yourself and your staff is the first step in protecting yourself from the risks of cyber fraud. Training, installing security software and having stringent security policies in place keep you ahead of the scammers. Remember that criminals are always innovating, finding new ways to commit fraud and learning about you. To keep up, you need to be doing the same.

SmilePass offers a solution that helps businesses fight fraud using biometric authentication as a way to stop criminals in their tracks and keep you secure. Our platform gives the answer to many fraud challenges using one revolutionary platform at a low cost. Find out how we do it here.