News & Resources

Blog

Latest Insights
Press Releases
Latest Insights

Fraud Awareness: Social Engineering

by Cambridge Global Payments | April 16, 2020

Cambridge Global Payments is a major participant when utilizing the financial system to effect and promote the business interests of our customers. As such, we understand and take our role in ensuring that we and our customers can confidently operate efficiently and securely seriously.

It is possible to detect and prevent fraud. Regardless of how secure your business is, it is often the human element that falls prey to social engineering methods. While you cannot discount the human element, you can learn to anticipate how employees and colleagues might fall victim to social engineering tactics and develop measures to mitigate the risk.

Nefarious characters will go to great lengths to educate themselves on the inner workings of your business, your activities, your processes, and employees.

Wire and Email Fraud are highly successful and lucrative for fraudsters and are relatively easy to pull off with a little research and clever tactics. The first step in risk mitigation is to understand the most common types of social engineering scams that have befallen many businesses.

Some common social engineering tactics are Caller ID and Email Spoofing. It is relatively simple to make an email or caller ID appear

to be legitimate or seemingly match one that you/your employees are used to seeing on a regular basis.

That email from your vendor asking you to update the bank account information appears completely legitimate – doesn’t it? Or that email from your company President asking you to send funds to him while travelling?

If it was fraudulent, your firewalls and security features would catch it right? You could be very Wrong!

Unfortunately for several businesses by the time a scam has been detected, it is far too late.

Pretexting. Criminals create a false ‘pretext’ for contacting one of your employees. They may pretend they are a prospective supplier, research firm, bank or government agency asking for the names of employees, banking information, login credentials or something seeming equally as innocuous. Any information they gain can thereafter be used to build a profile which in turn allows the fraudster to pose as an employee and ultimately gain access to your business, personal or financial information, your systems or customers. They may move on to scam your business using Caller ID or Email Spoofing.

Phishing [pronounced Fishing] is a very common online scam. An email is sent with the intent to manipulate the recipient  into disclosing personal, business or financial information. Typically, these phishing scams attempt to play on emotions or sympathies. They will stress an urgency and will contain a link often accompanied by a deadline date for you to access and input your information. By disclosing any of these details you are essentially putting the fraudster a  step closer to accessing your accounts. Fraud can have far reaching and devastating impact to your life or business. A legitimate urgent situation would never require anyone to send personal, business or financial information by accessing a link.

Characteristics and Behaviors to always be aware of:

  • Text contains incorrect spelling, phrasing or grammar or uses wording that is uncharacteristic
  • Customer is difficult to contact and prefers email communication
  • Email address differs very slightly from that which you are used to
  • Email domain is different from that which you have historically used or is from a free service provider such as Hotmail or Gmail when it should contain a business domain
  • Transaction may be inconsistent with historical transactions
  • Contact applies significant pressure for the deal to be processed prior to receiving full verification
  • Unexplained sense of urgency and a willingness to accept shortcuts
  • Unexpected changes to payment or beneficiary details

How do you protect your business? We recommend taking steps similar to what Cambridge does. Awareness and Training are key. Employ tactics that are designed to verify and validate the information your employee is receiving, before making any changes to payment details.

If you receive an email request to alter banking information, phone your contact at your vendor’s company to verify that banking information has been changed.

If you receive a phone call requesting a change to banking information, take the time to place a phone call to the number you have always used for your contact – not the phone number that just appeared on caller ID when the request to change banking information was received – and verify that banking or payment details have changed. You may just learn that your or your vendor’s email or phone network have been compromised, and by taking the few minutes to verify the information you have just saved you and your vendor  from being scammed.

 

“Cambridge Global Payments” is a trade name, which in this document refers specifically to one or more of these legal entities: Cambridge Mercantile Corp., Cambridge Mercantile Corp. (U.S.A.), Cambridge Mercantile Corp. (Nevada), Cambridge Mercantile (Australia) Pty. Ltd.

Cambridge Global Payments (“Cambridge”) provides this document as general market information subject to: Cambridge’s copyright, and all contract terms in place, if any, between you and the Cambridge entity you have contracted with. This document is based on sources Cambridge considers reliable, but without independent verification. Cambridge makes no guarantee of its accuracy or completeness. Cambridge is not responsible for any errors in or related to the document, or for damages arising out of any person’s reliance upon this information. All charts or graphs are from publicly available sources or proprietary data. The information in this document is subject to sudden change without notice.

Cambridge may sell to you and/or buy from you foreign exchange instruments (including spot and/or derivative transactions; both kinds are here called “FXI”s) covered by Cambridge on a principal basis.

This document is NOT: 1) Advice of any kind, or 2) Approved or reviewed by any regulatory authority, or 3) An offer to sell or a solicitation of an offer to buy any FXIs, or to participate in any trading strategy.

Before acting on this document, you must consider the appropriateness of the information, based on your objectives, needs and finances. For advice, you must contact someone independent of Cambridge.

Certain FXIs mentioned in this document may be ineligible for sale in some locations, and/or unsuitable for you. Contact your Cambridge representative for further information regarding product availability/suitability before you enter into any FXI contract.

FXIs are volatile and may cause losses. Past performance of a FXI product cannot be relied on to determine future performance.

This document is intended only for persons in Canada, the US, and Australia. This document is not intended for persons in the UK or elsewhere in the EEA. In Australia, this publication has been distributed by Cambridge Mercantile (Australia) Pty. Ltd. (ABN 85 126 642 448, AFSL 351278); for the general information of its customers (as defined in the Corporations Act 2001). This entity makes no representations that the products or services mentioned in this document are available to persons in Australia or are necessarily suitable for any particular person or appropriate in accordance with local law.

Fees may be earned by Cambridge (and its agents) in respect of any business transacted with Cambridge.

The document is intended to be distributed in its entirety. Unless governing law permits otherwise, you must contact the applicable Cambridge if you wish to use Cambridge services to enter a transaction involving any instrument mentioned in this document.

© Copyright 2018, Cambridge Mercantile Corp., ALL RIGHTS RESERVED. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, on any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of Cambridge Mercantile Corp. See www.cambridgefx.com for contact details.