Protect Your Business: 5 Common Fraud Scenarios to Watch Out for in 2024

By Royal Bank of Canada

Published March 4, 2024 • 6 Min Read

More and more businesses have invested in fraud prevention technology to help protect their data, their employees and their customers from cyber threats. However, companies remain vulnerable thanks to a common weak point – their people.

Although your defenses today may be stronger than ever, modern cyberattacks against businesses use an element of social engineering to gain a foothold. In other words, they tap into the vulnerabilities of the people working with or for your business to steal money, data or both. After all, people are busy and typically eager to please – and may respond to an email without giving too much thought to who sent it, why they’re asking for something slightly unusual or whether the link is safe to click. 

That’s why it’s important for employees to be aware of some of the common ways they could be tricked into giving up a piece of information that would be useful to a cyber-criminal.

“In this era where cybercriminals increasingly target the human psyche through sophisticated social engineering tactics, technology can fortify your defenses but it’s the vigilance and awareness instilled in your employees that serve as your human firewall and your frontline of defense. You can invest in the most advanced technology available, but without adequately trained staff, your defenses remain vulnerable to exploitation.” 

– Michael Argast, Co-founder and CEO of Kobalt.io

Here are five fraudulent social engineering tactics that target businesses:

1. CEO Imitation Fraud

In this case of fraud, a scammer hacks into the email of an owner, CEO or other high-ranking executive and sends a fake email to an employee requesting a financial transaction be made. Typically, they will ask to change the routing information for an account or make an out-of-the-ordinary deposit or transfer.  

Because the fraudster has been monitoring email activity, they know when the executive is out of town and that the request can’t be verified face-to-face. By the time the executive returns, the money has been sent to a fraudster’s account and is gone.

2. Payments Fraud

Payments fraud happens when a fraudster pretends to be a client of the business and calls in to change payment details. Clever fraudsters who have done their research will know when key employees are out for lunch and the person covering the phones isn’t as familiar with clients or procedures. Once payment details are changed, subsequent payments will get directed to the fraudster’s account, instead of the vendor’s.

3. Cheque Fraud

While cheque use has been declining over recent years, many Canadian businesses continue to use cheques – in fact, Canadian banks still process over 1 billion cheques annually.

Cheque fraud can take a few different shapes, but the most common instances involve the theft of cheques, the creation of counterfeit cheques or changing the name or amount on a legitimate cheque. Cheque fraud can also be an inside job – without robust processes in place, employees can steal company funds by intercepting, forging or altering a cheque.

4. Bank Impersonation

If someone calls claiming to be from your bank, the natural tendency of an employee is to answer their questions, right? This behaviour is something fraudsters count on in a bank impersonation scam. This is when someone calls claiming to be from your bank or merchant’s fraud department and asks for a token value or secret SMS code that’s about to be sent. In reality, the caller is a fraudster who has access to company credentials or credit cards and is trying to trick an employee into giving up a two-factor authentication code so they can steal funds or make a purchase.

5. Overpayment Scam

In this scam, a fraudster will first engage a company and request a quote for services. Once the quote is sent, they will pay for the service up front.

The catch is, the cheque is made out for more than the invoice amount. The fraudster then contacts the company and advises of the overpayment and requests that the excess funds be returned. The employee, being helpful, accommodates the request and sends the money before the company detects the original cheque is fraudulent. 

How to protect your company

With each of these scams, your employees, vendors or partners could be unwitting targets that help fraudsters trick you out of valuable property. Educating your employees about fraud types and tactics is therefore a crucial step to keeping your company safe.  

Here’s what you can do to reduce the vulnerabilities that can lead to fraud:

Proactively educate your employees

Train your staff to detect phishing, smishing and other messaging lures. Training should be ongoing to keep employees informed and to remind them that they always need to be vigilant. For example, Kobalt.io offers a user education program that includes cybersecurity awareness training as well as phishing simulations to keep your team alert and up-to-date on the latest scams.

Install processes that protect staff

The right processes can help stop fraud before it happens. For instance: 

  • Every employee should have their own login

  • Credentials should be secured so they are not inadvertently shared

  • Confidential information should not be provided to anyone without first validating the request through a phone call or face-to-face contact

  • Employee access should be limited to only those who need it to do their job

  • For sensitive or high-risk operations, separate responsibilities to two or more people – for example, a financial transaction can have both an initiator and an approver 

Support employees with the right technology 

  • Use malware detection software on devices, even home and personal devices if they are used to check work emails or access applications

  • Require that work applications or systems be accessed only over encrypted networks

Ongoing investment in your company’s cyber security is essential to protect your business. Just as important, however, are regular training, education and process updates to ensure your employees become an extra layer of defense against fraud.

More Resources

RBC How to Protect Your Business website

Learn about common scams and what you can do to protect your business.

Download template

Download the free RBC Cyber Crisis Management Template.

Download white paper

Learn how to create a ransomware resilient business.

Download our Little Book of Big Scams

Get your guide to fraud prevention for small to medium-sized businesses.

This article is intended as general information only and is not to be relied upon as constituting legal, financial or other professional advice. A professional advisor should be consulted regarding your specific situation. Information presented is believed to be factual and up-to-date but we do not guarantee its accuracy and it should not be regarded as a complete analysis of the subjects discussed. All expressions of opinion reflect the judgment of the authors as of the date of publication and are subject to change. No endorsement of any third parties or their advice, opinions, information, products or services is expressly given or implied by Royal Bank of Canada or any of its affiliates.
