Every individual and business is a potential target for fraud, regardless of personal attributes or industry. In a recent report, the Government of Canada revealed that Canadians lost over $405 million to fraudulent activity from January 2014 to December 2017. However, the report also found that only five percent of fraud is reported, as consumers often feel embarrassed and businesses want to avoid appearing vulnerable or damaging their corporate image. We’ve compiled a few ways to identify fraud and how to responsibly report suspicious activities, to help protect us all.
Types of fraud
According to an annual fraud survey commissioned by CPA Canada, 71% of those surveyed expressed concern about identity theft, and 76% feared Canadian businesses are vulnerable to cyber attacks that could compromise personal data.
With the speed of evolving technology, even the most tech-savvy individuals are at risk these days, with fraud integrating itself into debit and credit card tapping devices, smartphone apps, and fake online shopping websites.
Doretta Thompson, director, corporate citizenship with CPA Canada, stresses the importance of only using trusted websites and reputable payment processors to make financial transactions. “You are your own best gatekeeper when it comes to protecting your personal information,” she says. “Be extremely cautious about what information you share online. Fraudsters are always looking for personal data.”
The rise of phishing and spear phishing
While being selective about sharing personal information online may seem simple, fraud tactics have become extremely sophisticated and many Canadians have fallen victim to phishing and spear phishing.
Many people are likely familiar with phishing, where cybercriminals contact victims by phone or email, using various strategies to extort money. This could include claiming to be calling from a financial institution, and requesting to update the customer’s personal banking information. In other situations, a legitimate-looking email with the company’s logo is sent, but when the reader clicks on an embedded link to update their personal information, they’re brought to a fraudulent site.
Spear phishing, which was noted as one of the top ten scams in 2017 by the Better Business Bureau (BBB), has taken this strategy further by targeting businesses. Cybercriminals infiltrate themselves into a company’s electronic system, often gaining access through an employee’s email. This can be done by sending an email that appears to be from a service provider such as Microsoft, requesting the user to click on a link to update their account.
Once cybercriminals have worked their way into an employee’s email, they gain access to email conversations and other confidential information that can inform them of how the business operates. It’s at this point, that fraudsters can trick employees into sending company funds.
For example, a cybercriminal can pose as a vendor that the business owes payment to, and request that the business sends its payment to an “updated” account. A Canadian university was recently scammed out of $11.8 million using this fraud scenario
Investment fraud: Who is most vulnerable?
Many Canadians have also fallen victim to investment fraud, sometimes losing significant amounts of their savings. While seniors have often been targeted, the British Columbia Securities Commission (BCSC) recently uncovered that one in four British Columbians are vulnerable to investment fraud, and that vulnerability is highest among younger people (ages 18 to 34), particularly females.
These statistics were gathered after BCSC surveyed over 500 BC residents to gage their reaction to a fictional fraudulent investment offer. This “offer” possessed some glaring characteristics of fraud, including the promise of high “guaranteed” returns and “no risk”.
The types of fraud discussed above are just a few of many. The Government of Canada’s report, “Fraud Facts – Recognize, Reject, Report Fraud” takes a deeper dive into different types of fraud Canadians should be aware of.
March is Fraud Prevention Month in Canada, and Canadians are encouraged to educate themselves on how to identify fraud and take action against it. In addition to the Government of Canada’s report, BCSC has a number of online resources available on its InvestRight website, such as an online quiz, how to research an investment advisor, and how to report fraud.
CPA Canada has also published Protecting You and Your Money: A Guide to Avoiding Identity Theft and Fraud, to help provide guidance. CPA Canada advises Canadians to report any suspicious activity to the Canada Anti-Fraud Centre.
The best way to protect yourself and your business from fraud is to be proactive. The resources provided above are great tools to educate yourself and your team on possible fraud scenarios, and some added steps you can take to increase security in your organization.
For example, picking up the phone to speak with a vendor who has emailed you to update their payment information is a way of adding a second layer of security. By working together, we can help reduce the impact of fraud on individuals and businesses in Canada.
Vince Kanasoot is a communications specialist with the Chartered Professional Accountants of British Columbia.