COVID-19 and online fraud: beware of social engineering

The COVID-19 crisis has turned our way of working upside down. Teleworking has now become the norm. Unfortunately, it is also a source of inspiration for online fraud. Without realising it, your staff is opening up your company to scammers. Therefore, good cyber hygiene is essential.

Thanks to the internet (LinkedIn, Facebook, public reports, interviews, etc.), fraudsters are able to obtain a lot of information about your company and your staff, known as social engineering. The situation has been further exacerbated by teleworking and the opportunity for some employees to browse the internet more intensively and reply to surveys or other requests.

In this context, a certain degree of confidence will be built up between the employee and the fraudster. Finally, without the slightest suspicion, the employee will give in to requests that have become plausible through the accumulation of details and the psychological control exercised by the scammers.

The preparation of the attack

In some cases, the targeting and the content of certain phishing emails is so effective that clicking on an attached document containing a virus or consulting a link leading to a fraudulent website will enable cyberpirates to take control of an employee’s computer or obtain valuable information that they can use to prepare a large-scale attack.

Furthermore, taking advantage of lockdown measures linked to COVID-19, fraudsters’ techniques could become more varied leading to fears for example, of an increase in the number of false invoices sent out.

Identity theft

Experts and authorities are also noting a rise in cases of identity theft, where fraudsters use the name and reputation of big companies to order various goods and divert them for their own benefit. The risk is even greater for SMEs, which are usually “less alert” or less cautious when they check out new unsolicited and providential customers, seeing this as an opportunity to offset the fall in their sales during the health crisis.

Fraudsters stop at nothing and do not hesitate to buy domain names that are very similar to the official websites of big companies or institutions, or even to create fraudulent transport companies to take goods to an address other than that given on the order form.

What preventive actions can companies take?

Practical preventive actions are essential so as not to jeopardise the continuity or even the survival of your company’s economic activity, because the sums misdirected sometimes amount to several million euros.

1. Make your staff aware

In this context, it is vital that private and public organisations, companies of all sizes and in all sectors increase the warnings and staff awareness campaigns. This can be done, amongst other things, by means of specific (digital) training courses or by consulting the website https://www.safeonweb.be

2. Identifying fraud risks

Despite the new techniques used to detect fraud by artificial intelligence and the customised exercises created by internal or external services to test vigilance among staff, human error can never be ruled out.

The following basic reflexes must be observed:

• if an offer is too good to be true;
  
• if abnormal pressure is exerted to obtain a payment or confidential information;
  
• if the message is not written in a usual language, is not sent at a normal working time or is full of mistakes, then it is best to step back and talk to an IT or line manager.
  

The four-eyes principle must be observed for any action that could cause a financial loss.

3. Protecting your company

Euler Hermes, world leader in credit insurance and specialist in warranties and securities, also has sound experience in covering risks linked to fraud.

Would you like more information about our fraud insurance? Don’t hesitate to contact our experts. We will give you the best advice.