EN
Select a Category:
Fake Invoice Scam
In this scam, businesses are typically sent an email with a fake invoice, claiming to be from a company that they do business with, informing them of a bank account switch and to re-direct their payments to the “new” account number. Many of these “invoices” appear at first glance to be legitimate bills, and may include threatening or confusing legal jargon to create a false sense of urgency to pressure recipients to make quick payments.
Protect Your Business
Employees responsible for processing payments should remain vigilant and watch for changes to payment instructions. If you are suspicious about whether a supplier has truly changed their bank details, call them directly to confirm bank details over the phone.
Review all invoices closely. Never pay an invoice unless you know the bill is for items that were actually ordered and delivered. Tell your staff to do the same.
Always check order details, confirm the validity of the customer, and verify the information on invoices before transferring any funds.
Before doing business with a new company, search the company’s name online with the term “scam” or “complaint.” Read what others are saying about that company.
Business Email Compromise (BEC)
A business email compromise (BEC) is an exploit in which the criminal impersonates a senior executive at a company, either by gaining access to their corporate email account or by creating a fake one. Through the use of social engineering tactics and research, often through social media, the criminal will craft credible emails and send them to someone within the company who likely has the authority to move money in hopes of tricking them into transferring money to a fraudulent account.
Protect Your Business
Educate your employees about these types of scams and advise them to be skeptical of urgent or suspicious requests made by email.
Be mindful of what you share on social networking sites. Criminals can use these sites, and your website, to gather information about you that they can repurpose to target your company.
Remember that email addresses and websites that look legitimate are easy for criminals to fake. Stop and think about whether it could be a scam before you click.
Don’t rely on email to coordinate fund transfers. Have an additional communication process in place that requires face-to-face communication or a phone call to verify the request is legitimate.
Spear phishing
Spear phishing is an email spoofing scam where criminals target a specific organization or employee with tailored messages, to gain unauthorized access to sensitive information, funds or computer systems. In a spear phishing scam, people within a company receive an email asking them to provide the sender with confidential company information. The email will look like it came from someone within the company, so they are more likely to trust them.
Criminals can gather information – typically via social networking sites – about their targets, like: email addresses, job titles, and interests, etc., and use it to send convincing, but fraudulent emails.
Protect Your Business
Train your employees to know what to look for. They should learn the importance of protecting the information they regularly handle to help reduce exposure to the business.
Confirm any email requests that you’re not expecting with the sender directly, even if the request looks like it’s coming from someone within the company
Ensure the appropriate security measures are in place within your company. Consider: firewalls, antivirus, email filtering, etc.
Put privacy settings on your social media accounts to limit who can see them, and keep details about your business to a bare minimum.
Ransomware
Ransomware is a form of malicious software (malware) that enables cyber criminals to remotely lock down files on your computer or mobile device. The criminals will use the ransomware to extort money from you before they restore your access to the files. A computer can be infected by ransomware a number of ways but most commonly it involves victims clicking on a malicious link or attachment received through a phishing email. Once infected victims will see a "ransom" note which is often designed to scare or extort the victims into making payment.
Protect Your Business
Backups are used to restore lost or damaged files. Backing up data will help ensure that your business is able to recover quickly and completely when a system crash, data corruption or when other setbacks happen.
Train employees to avoid clicking links or opening email attachments from emails that are unsolicited and from unknown sources
Ensure your software is up to date. Regularly schedule scans and install updates and patches to improve security.
Manage the use of privilege accounts. Give administrative privilege only to those who need it in order to limit exposing your network to malware.
Small Business Resources
Articles
- How to Plan for and Manage a Cyber Security Crisis
- Three Ways to Protect Your Business from Cyberfraud: Podcast
- Today Small And Medium Businesses Need Outsized Cybersecurity
- Get Cyber Security Working for Your Small to Medium Business
- It's Fraud Awareness Month: 5 Cyber Safety Tips to Protect Your Business
- Your Business Has Been Hacked. Now What?
Need to Report Online Fraud?
Call Us
If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call us immediately.
If you believe your confidential information may have been stolen or obtained by a fraudulent party either online, by telephone or through any other means, call us immediately.
Report ID Fraud
If you think you are a victim of identity fraud and you are an RBC client
If you think you are a victim of identity fraud and you are an RBC client
Email/Website Fraud
If you have received a suspicious email or accessed a fraudulent RBC website
If you have received a suspicious email or accessed a fraudulent RBC website