Blog / April Fools’ Day Every Day?
Celebrating April Fools’ Day is a good way to build team spirit and have some fun with your colleagues, now more than ever. With so many of our team members working remotely we all want to create more camaraderie with our co-workers, and harmlessly respectful pranks are a great way to do just that. Unfortunately, some people don’t know when the joke’s over, and we’re not talking about that person endlessly repeating the same one-liner over and over again. In fact, we’re not talking about any one in your organization.
We’re talking about scammers. For these guys, every day is April Fools’ Day.
Now, some of you are no doubt thinking, “Doesn’t TRINUS already have a security newsletter?” Yes, we do, and you should really subscribe to it as well if you haven’t yet. But while our cybersecurity newsletter keeps you on top of the latest viruses, malware, and other threats to your information security, we’d like to take this perfectly timed April Fools’ Day to talk to you about some of the other trickery clever scammers can use to make you into the fool.
You’d be surprised how many businesses fall for this straightforward scam, and how consistently it works. The scam is exactly what it sounds like; someone counterfeits an invoice from one of your vendors, hoping you’ll pay it. Like phishing emails (that look very realistic), a counterfeit invoice might be virtually identical to it’s real version, making it nearly impossible to recognize that the destination account number might be off by one or two digits.
That doesn’t make identifying and defeating counterfeit invoices impossible, and the first line of defense is knowing about it beforehand. Many people think fake invoicing is inconceivable and no business or bank would ever let it happen, when in actuality it is far too common. Let your team know invoice fraud is real, prevalent, and effective. Then, teach them how to combat it by watching out for invoices from new or unknown vendors, large increases in the number of invoices coming from a vendor, and to double-checking any invoices that appear to be duplicates or are for totals that squeak under your approval limits. For example, if you’ve implemented a rule saying only invoices over $500 need approval, you should be double-checking any that come in for $499.99, as it’s possible someone’s trying to slip a bad invoice in under the radar. You should also be using 3-way matching to match up purchase orders, invoices, and receipts, as most scammers won’t go so far as to create three separate documents.
The TechSupport Scam
We’re not big fans of any kind of scam, but this one in particular is especially frustrating to hear about, hopefully for obvious reasons. Scams that take advantage of people who aren’t quite tech-savvy are insidious because they manipulate the trust that is generated when someone is under the impression you’re helping them in order to defraud them. For this scam, the impersonator calls or contacts (possibly via email) their target pretending to be from the tech support department of an established IT company. Many of these impersonators will call from overseas call centers and pretend to be from large corporations like Microsoft, but some really clever ones will actually impersonate local tech companies for added believability. Once the scammer has you on the phone, they warn you that they’ve received a notice that your computer has been compromised and they’ll need remote access to fix the problem. Unfortunately, once they have access to your computer, it’s pretty much game over.
Fortunately the solution is simple; get to know your IT team. Don’t try handling unexpected problems yourself, and call us whenever you’re warned something might not be right. The best way to spot an impersonator is to know the people they’re trying to impersonate. Familiarize yourself with your IT contacts and get to know their voices, because that’s actually something we do. You see, this scam can actually work both ways. We love getting to know our clients just for the sake of it, but doing so also makes it significantly harder for someone to impersonate you if they were to try and hack us.
For larger companies, it’s unrealistic to expect everyone to know your IT teams’ voices, so make sure you have a standard support process in place and don’t deviate from it. Having a solid process will help employees recognize inconsistent support practices that could be leading to a scam. If you’re unsure, tell the caller you will call them back. Hang up and dial the correct number for your trusted IT provider—not the one the caller gives you.
Courier’s coming to the door with unexpected goods can be a sign of impending disaster. In fact, if you’re getting a delivery you weren’t expecting, you should immediately start investigating your accounts. The delivery scam involves a package with a high value item, like a phone, high-end video card, or other expensive item, being delivered to your offices with your name on the box, but without you having actually ordered it. Later, a courier returns to take the delivery back, explaining that it was delivered or shipped in error. Since the victim has no memory of ordering the item they’ll assume the courier is telling the truth and the delivery really was a mistake, then hand the item over.
Unfortunately, that second courier was likely an impersonator who failed to intercept the package just outside your office doors or in the building lobby. Worse yet, you didn’t give away a package; that was just the last step of a scam that is now complete. The real danger here is that someone almost certainly has your sensitive information and has been using it to order themselves goodies. If your business (or you personally, for that matter) ever receives an unexpected package, don’t waste any time before starting your investigation and re-securing all your accounts. And don’t give the package back to anyone until you’ve confirmed a legitimate delivery error.
Falling victim to a scam isn’t nearly as much fun as falling victim to an April Fool’s prank, and not all IT scams are straight up cyberthreats coming at you from digital channels. The unfortunate truth is that scams can come from almost anywhere and take almost any form in their effort to part you from your money or valuables. Fortunately, on the other hand, these are fairly simple scams to watch for that can easily be defeated with a few updates to policies or just knowing what to watch for. Then you can start pranking your work pals without worrying about who the real fool might be.
The TRINUS team