Fraud targeting businesses: how to protect your data and finances

Attempts to defraud businesses are increasing and becoming more sophisticated - from emails from external and internal sources to fraudulent SMS, fake calls or imitation registers. We've put together a glossary of the most common terms associated with fraudulent behaviour and explain how to spot fraud and protect your data and finances.

Online scams and fraudulent phone calls

Phishing, smishing, quishing and vishing - while it may seem like we've randomly combined letters from the English alphabet, these are actually the most common types of online scams. Their principle is similar. However, if you understand what they mean and how they differ, you can better avoid them.

Phishing

Everyone has encountered phishing in the form of a scam email. These emails can come from external sources as well as from within the company.

In this case, the attacker who sends you the fraudulent email pretends to be:

• An authority expecting your response - typically an office, ministry, police or customs,
• A business or supplier partner - who among us hasn't received a fake request for payment of an invoice or a link to track a shipment,
• A client - a common form is a fake enquiry or request for help with a claim.

The attacker's goal is usually to obtain sensitive data from you or to get you to click on a link that takes you to a fraudulent site (which of course looks credible) or to download a corrupted file or entire software.

In the case of internal fraud within a company, the attacker usually targets top management or, conversely, impersonates the company's CEO or director of sales or finance. He demands payment of an important invoice overdue or an urgent transfer of money within the company. And he or she relies on the fact that when the employee sees an email from a supervisor he or she often doesn't even know personally, he or she will comply with the request without much scrutiny.

Fraudulent messages also target social media. This example shows an effort to steal a company Facebook page.

Smishing

Smishing is a combination of the words SMS and phishing. The principle is the same as above, but the fraudster is trying to attack you via a message sent to your mobile phone. It prompts you to fill in important information such as the CVV code from your credit card to complete an online payment or to activate a mobile key to log into your bank. All of this, of course, is to lure payment or login details from you that he wouldn't otherwise have access to - which he can then use to steal money from your card or even your entire account.

Similarly, these messages often contain fraudulent links to either log into your account, track a shipment, request an overpayment, or download an app update to your phone.

For example, this is what a fraudulent text message for tax returns looked like, sent out by scammers purporting to be from the Internal Revenue Service. The real web address of the My Taxes portal is https://adisspr.mfcr.cz/. At first glance, the message looks really plausible.

Quishing

Quishing is an even more sophisticated scam because it hides fraudulent links in a QR code. While you can see the URL in an email or SMS and can tell if it leads to the recipient's real website, the situation is more complicated with a QR code. Moreover, QR codes are very popular nowadays because of their simplicity and straightforwardness, so they can often pretend to be a pro-client move to facilitate the action you want.

Vishing

Vishing is the newest form of fraud where the initiator does not send you a message but calls you personally. Here again, they most often pose as an authority (for example, your bank or even the Czech National Bank or the police).

The calls usually have the same goal - to tell you that your bank account has been hacked and that the money needs to be transferred to another account immediately until the cyber attack is resolved. Here again, the attacker is trying to find out your bank login details or take you to (their) fake website that mimics the official bank website or app as closely as possible.

Beware that the number of the caller in this case may look like the real phone number of the institution the attacker is pretending to be (so-called spoofing).

Typical warning signs of online fraud

When you learn to spot scams, it's much easier to successfully defend yourself against them. The following five warning signs will help you do this:

How to defend yourself against online attacks

If you receive a message that looks suspicious in any way, the golden rule is: don't react. Any contact with the scammer can only make it easier for them to get their way. It's in your best interest to say NO 3 times:

• Don't reply to the message.
• Do not click on links or QR codes.
• Never give out your credit card, bank account or receipt details.

What you can do instead:

• If you are unsure about anything, contact the company or sender yourself (you already have the contact in your address book or can find it yourself on the official website).
• Take the time to check the warning signs of fraudulent messages and verify the information from your own sources (e.g. log in to your bank yourself in the usual way).
• If you have suffered damage, contact the official authorities - the bank, the Data Protection Authority, the Police and the like.

Offline scams on businesses

The offline world is not exempt from scams either. Fake official letters or invitations to register in registers, directories and business directories most often target budding entrepreneurs who have just set up a company or business. They do not yet have much experience and act in good faith in order to have the administration related to the business in order.

In the Czech Republic we have two official registers for entrepreneurs: the Trade Register and the Commercial Register. Registration in the other register is therefore purely voluntary and at the level of paid promotion, not a legal requirement.

Beware if you receive a letter with a bill for paid registration in, for example:

• Chamber of Trades,
• Czech Chamber of Tradesmen,
• European Register,
• Central Register of Companies,
• Register of Commerce and Trades,
• Business Register, etc.

Certainty in business

Fingers crossed that you can avoid fraud. And if you need help with your business, contact the professionals. We can help you set up your business properly, register it with the Commercial Register or even set up a virtual office - we have long experience and all-round expertise. We will handle the necessary administration for you and you can concentrate on developing your business.