How to protect yourself from Internet fraud

With all the new technologies nowadays, it is becoming more challenging for us to keep on top of technological advances, let alone the new ways internet criminals (often called scammers) can steal our money. In this article we will dig into a few common ways scammers attempt to take our hard-earned dollars through emails, and suggest what you can do (as an individual, or as a business owner) to reduce your exposure to scammers.

Before we dive into the ways scammers try to steal our information and/or money, it is important to understand the danger of stolen email addresses and passwords. While you may think that a new email account can be set up easily once yours is compromised, and that you can easily divert future correspondence to the new address, bear in mind that scammers will go through your inbox and outbox for sensitive information, whether to steal your money, your information or your identity. Either way you may be exposing yourself to this risk.

Invoice frauds

Scammers find a way to log into your email and trawl through your outbox to look for any invoices you have sent to clients. They overwrite the bank details in the PDF invoices with their own bank accounts, then resend the fraudulent invoices to your clients for payment. If your clients are unaware of the bank account change, they may accidentally pay into the fraudulent bank account.

The same works the opposite way: you may receive a fraudulent invoice in your inbox and inadvertently pay it into the fraudulent bank account.

Links in email

Sometimes you may receive emails that appear to come from, for example, Apple ID, eBay, Aust Post etc., asking you to “update your login details” or telling you that your parcel has been held up, and providing a link for you to click to take action.

While there is a slight possibility that they are genuine, it is likely to be an email scam. To check whether an email is a scam, look at the sender’s email address to see if it is a legitimate address from the organisation. Another check is to hover over the link to see the “real” URL – if it doesn’t match what is shown in the email, it is very likely a scam email. Please do NOT click on the links provided if they look suspicious, as clicking on the link is enough for scammers to steal information from your computer.

Phishing

Your credentials can be stolen when you click on a link in an email – you will be directed to a login page and asked to enter your username and password. The login page will look very similar to the real website's login page – the trick is to check the URL at the top of the browser to ensure it is genuine.

 

Reducing the risks

Individuals & small businesses – how to protect yourself from Internet fraud?

  • It all starts with protecting your computer, laptop, tablet and mobile phone – set strong passwords to unlock your devices.
  • Have a different password for each account – this will reduce the chances of scammers compromising all your accounts that share the same username and password.
  • Do NOT store or write down your passwords in places that are easy to see or find.
  • Back up your data often, and make sure you detach the backup drive once the backup is done to avoid hackers and malware contaminating your backup files.
  • It is always a smart idea to keep your software up to date – especially your virus protection software.
  • For businesses, train your staff to identify suspicious emails, as well as having procedures in place as to what to do if they find one.
  • Segregation of duties when paying invoices – it is recommended to get at least two people involved in paying an invoice. This will provide a “double-checking” mechanism to ensure payments are made to the right bank accounts.
  • If in doubt about the details on an invoice, contact the supplier and confirm the bank account details. It only takes a few minutes to do but it gives you the peace of mind that you are paying into the right account.

How to reduce risks for Xero businesses

  • Set up different users for different staff – do not share usernames. It does not cost any more in the subscription for each staff member to have their own login, so why not?
  • Activate 2 step authentication (2SA) – instructions here -> https://help.xero.com/au/MyXero_TwoStepAuthentication
  • Login activity monitoring – Xero users with Advisor permissions can check login history and user activities to identify suspicious transactions – instructions here -> https://help.xero.com/au/HistoryNotesActivity
  • Notification when bank account details change for employees and suppliers – Xero will send an email to all users to notify them of a bank account change. This will allow business owners to identify unauthorized bank account detail changes.
  • High-risk login – Xero continuously monitors login activity and, if it identifies suspicious activity (e.g. a sudden login from another country), it will hide sensitive information (e.g. bank account details) temporarily and send an email with a link for the user to click on to log in and “unlock” the account.

Ongoing monitoring is required…

We all need to constantly monitor our bank accounts and identify any suspicious transactions. If you suspect you have been scammed, contact the bank immediately.

If you believe your computer is compromised by ransomware – shut down the network and computer involved in an attempt to stop the ransomware from spreading across your network.