In 2021 alone, the Canadian Anti-Fraud Centre showed $207 million lost to fraud. Cybercrime is a serious threat to small businesses. Learn how to proactively protect your business by keeping a sharp eye out for a common scam: email spoofing. This article first appeared in the August edition of the Business Examiner. Read the online article here.

Email spoofing is a form of cyber-attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source. The goal of email spoofing is to trick recipients into opening or responding to the message, allowing the fraudster to do things like take over online accounts, install malware or steal funds.

Make sure you train your staff to spot the telltale signs of this kind of fraud. An email spoof may:

• appear to be coming from a co-worker or a trusted vendor
• utilize an email address that looks like an actual email address (e.g., changing one letter in the address)
• request to issue a wire transfer or change payment details currently on file
• include a link for a webpage with request to enter login information (e.g., Office 365)

It’s good practice to always confirm transaction requests or payment arrangement changes via an alternate channel like the telephone, particularly if the transaction is unusual or unexpected.  Don’t attempt to verify using the same email the request came from.

You can also:

• watch for emails that are marked in Outlook as [External], but appear to come from a co-worker
• watch for requests that appear to come from co-workers, requesting you to purchase gift cards for them and send them the gift card codes
• watch for unsolicited emails - particularly if you are asked to provide information or initiate a transaction
• be wary of any communications which involve free merchandise
• be wary of any communications which involve threats of service disruption/funds loss if actions are not taken
• avoid clicking on unexpected/unsolicited links or opening attachments

If you suspect you’ve been caught by a scam, it would be prudent to run virus scans on all your devices/computers, change passwords to your email using a clean device/computer, and contact your financial institution to let them know.

The bottom line is that if something seems out of the ordinary, verify it. It may take an additional few minutes, but it could save you a large loss to your business.