See More: Articles
Fraud Threats Facing Today’s Businesses
Mar 5, 2013
It’s fascinating to watch people traveling today. As you walk through an airport, every piece of technology is on display – laptops, tablets, smartphones, notebooks, Kindles, iPods and more.
Most business travelers are in direct contact with their offices or co-workers. People have anything from their boarding passes to their credit cards with them via their smartphones. Anxiety over losing your wallet has been replaced by panic over losing your cell phone.
Because we carry all this data and confidential information with us wherever we go, we expose ourselves and possibly the organizations we work for in ways most never dreamed possible a few short years ago. Threats facing companies have transformed in the Information Age. Here are a few of the latest that could pose a risk to you or your organization.
Data thieves have become more creative as this tactic has matured. We’ve all received spam emails telling us to click through links that either infect your device with a virus and harvest information, or try to persuade you to divulge critical bank or credit card information.
Now, emails are Photoshopped to look like they are generated by your bank, credit card or even the IRS. They are quite convincing as they tempt you to “click through.”
Even the email addresses they send appear legitimate. They tempt victims by offering just enough personal information to gain their confidence and persuade them.
The latest one involves LinkedIn connection requests via email. LinkedIn members are receiving invite requests from fraudulent individuals who are nearly impossible to distinguish from legitimate ones. Unfortunately, once they click on the “accept,” it takes them to another site that infects their machine/device with a virus.
Hackers are using information publicly available and calling into employees of targeted companies. They gain the victim’s confidence by using the knowledge they gleaned and convince them they are working with their IT administrators.
Before long, unknowing and trusting employees are giving up their network login and passwords to these hackers, who then gain access to the organization’s network.
Once there, the hackers start harvesting critical customer information that can be sold on the black market (Social Security numbers, bank account information, etc.). The strongest network security safeguards can be defeated easily by the unintended actions of these employees.
Perpetrators today either hack into accounts to wire funds illegally or use deceptive practices to steal money via wire transfers.
Victims range from mid-sized companies to individuals selling goods online. One of the most common means is for a potential customer to pay by check and immediately request funds back via a wire transfer. Once it’s realized that the check is worthless, the funds have passed through a stream of international banks and disappears.
Debit, Credit and Gift Card Fraud
Another area of concern that is constantly evolving is payment by electronic means.
A few years ago, data thieves found easy ways to steal gift card information from retailers who were openly displaying gift cards in their checkout aisles. As unsuspecting purchasers were activating them, their balances were being swiped by thieves who had previously absconded with the necessary card information.
After that loophole was closed, thieves got bolder and migrated to credit and debit cards. Numerous retailers and restaurants have been victimized in the past two years by hackers who have placed hidden card scanners on merchants’ terminals or on wait staff, who electronically transmit information immediately off-site.
As smartphones have become more popular, more vital information is being stored on them. Hackers are gaining access to phones via Bluetooth or other open Wi-Fi networks to steal information or send malware and viruses to connected devices.
Phishing of text messages is becoming more common. But even as hacking has become more prevalent, the greatest risk of data loss is still from lost or stolen phones.
Technology equipment continues to evolve, becoming smaller, faster and more powerful. Computers, servers and cellular phones are quickly becoming obsolete and replaced.
Unfortunately, much of the data on these devices continues to exist even after it is deleted. This opportunity continues to be exploited by thieves. Properly disposing of unwanted technology devices is becoming a critical component of security plans within organizations and should start to be considered by individuals as well.
In the not-too-distant past, confidential information could be locked in file cabinets, file rooms or record vaults. Paper shredders were routinely used in offices and homes.
Today, millions walk around with confidential company information, emails, network access and even their own personal banking and credit card information right on their cell phones.
Safeguarding this data from thieves should be a central focus for both organizations and individuals using this technology.
Amy is more than an auditor for CFED. She is a valuable business advisor helping us navigate through complex regulations and opaque guidance.
Adnan Bokhari | Chief Financial Officer
The Corporation for Enterprise Development