How Can Businesses Avoid Cyber-Fraud Tactics?

In today's digital age, online scams are increasing, posing significant threats to both individuals and businesses. According to the FBI's Internet Crime Complaint Center (IC3), the financial losses incurred due to online scams are skyrocketing each year. 

In 2022, the total losses as a result of online scams increased from $6.9 billion to over $10.2 billion, emphasising the need for heightened cybersecurity measures.

Common Cyber Fraud Scams

Businesses, in particular, must be vigilant against various cyber fraud tactics that can compromise sensitive information and financial assets. Among the prevalent scams, employment scams targeting job seekers stand out. Fraudsters create fake companies with fictitious employees and entice individuals with promises of lucrative pay or easy employment terms, leading to the theft of personal information during the fake onboarding process. 

Furthermore, tech support scams have surged, with scammers posing as representatives of well-known brands to offer unnecessary assistance, causing substantial financial losses. Social media scams are on the rise, becoming the "weapon of choice" for cyber fraudsters. 

The Case of Booking.com

Booking.com customers are facing an increasing threat from hackers who are actively seeking victims on dark web forums. Cyber-criminals are offering substantial sums, up to $2,000, for login details of hotels, and since at least March 2023, customers have fallen prey to fraudulent schemes, with money being sent to criminals instead of legitimate bookings. 

While Booking.com itself has not been hacked, cyber-security experts reveal that criminals have found a way to breach the administration portals of individual hotels using the service. The attackers employ deceptive tactics, tricking hotel staff into downloading malicious software by posing as former guests who left personal items in their rooms. 

Once compromised, the hackers gain access to Booking.com portals, enabling them to identify and deceive customers into making payments to fraudulent accounts. The success of this scam has prompted hackers to offer financial incentives to others who share access to hotel portals, creating a concerning cycle of cyber fraud. 

How Can Businesses Protect Against Cyber Fraud?

Businesses can protect themselves by implementing robust security awareness training for employees, emphasising the identification of social engineering red flags. Stressor events, suspicious URLs, unconventional payment methods, and reluctance to verify identity are among the warning signs that businesses should be vigilant about. 

Regular training exercises have proven to be highly effective in reducing the likelihood of falling victim to cyber fraud. As the threat landscape evolves, it is crucial for businesses to stay informed, educate their teams, and adopt comprehensive cybersecurity measures to safeguard against the ever-growing menace of online scams. If a business suspects it has fallen victim to internet fraud, prompt reporting to local law enforcement and filing a complaint with the relevant governmental body such as IC3 is essential to mitigate potential damages.

Along with this, here are some other actionable steps businesses can take:

Network and Database Security

Secure your networks and databases by implementing firewalls and encrypting information. Conceal Wi-Fi networks and use password protection to minimise unauthorised access. Be discerning about the data stored in company databases, opting for a centralised repository for essential information. Regularly back up company data to mitigate potential losses in the event of a cyber attack.

Security Policies and Practices

Develop comprehensive cybersecurity practices and policies to guide employees in preventing and responding to cyber attacks. Clearly outline procedures for handling security incidents and specify consequences for policy violations. Control physical access to company devices and ensure proper disposal. Reset devices being discarded to factory settings to prevent data breaches.

Detecting and Preventing Malware

  • Install and activate antivirus software on all computers and laptops, ensuring continuous protection.

  • Discourage staff from downloading apps from unknown vendors/sources and emphasise using manufacturer-approved stores.

  • Keep all IT equipment up to date through regular patching, applying updates from software developers and vendors.

  • Control the usage of USB drives and memory cards by blocking access, using antivirus tools, and allowing only approved devices within the organisation.

  • Switch on firewalls to create a protective buffer zone between your network and external networks, enhancing overall network security.

Customer Communication

Inform customers about the reasons for collecting their personal information and its intended use. Assure them that sensitive information will not be requested through unprotected communication methods. Encourage customers to report any suspicious communications, fostering a collaborative approach to cybersecurity.

How Can Gerrish Legal Help?

Gerrish Legal is a dynamic digital law firm. We pride ourselves on giving high-quality and expert legal advice to our valued clients. We specialise in many aspects of digital law such as GDPR, data privacy, digital and technology law, commercial law, and intellectual property. 

We give companies the support they need to successfully and confidently run their businesses whilst complying with legal regulations without the burdens of keeping up with ever-changing digital requirements. 


We are here to help you. Get in contact with us today for more information.
