Beware: stand-ins and holiday temps targeted by cybercrooks
Summer is with us. For many people, that means taking a couple of weeks to recharge the batteries. A couple of weeks when a colleague or a temp steps in. And that's often all the opening an internet scammer needs. Over the summer months, businesses are at increased risk of falling victim to on-line fraud. So it makes sense to alert your staff to the dangers.
When people go on holiday, colleagues and temps often take on some or all of the absentees' duties. After all, the wheels of commerce must keep turning. The stand-ins do their best, of course, but some of the ins and outs are bound to be unfamiliar.
Watch out for CEO fraud
We've highlighted the problem of CEO fraud before. It's a scam that involves crooks pretending to be a company director or similar. It usually starts with a fake e-mail, which appears to come from one of the organisation's senior managers. In it, the 'manager' will instruct someone lower down the company hierarchy to arrange a large payment, typically to a foreign bank account. If the recipient hesitates, there may be a follow-up phone call. The need for discretion and speed will often be stressed. If a company has sound procedures that everyone follows, the attempted fraud is almost certain to fail. But a stand-in may not know the procedures or may not have the confidence to question instructions.
According to the Fraudehelpdesk (in Dutch), the flow of fake invoices also seems to peak in the summer. A fake invoice is an invoice sent for goods or services that have never been provided. Many are for small sums that junior staff can sign off and don't raise eyebrows. Or the devil may be in the detail, trapping you in an advertising contract or subscription you never really wanted. Scammers rely on the fact that short-staffed departments may not be checking things as carefully as usual. A trivial sum gets paid by an overworked temp, and the small print on the back of the invoice says payment is confirmation you've agreed an expensive twelve-month contract.
More DDoS attacks
Another worrying summer phenomenon is the 'holiday DDoS-attack' trend described by policy adviser Ryan Polk on internetsociety.org. In recent years, the holiday period has seen a clear upturn in DDoS attacks on webshops and gaming networks. The impact of the attacks is huge. Depending on the size of your operation, downtime can cost thousands. It's been suggested that attacks increase when students have more time and temptation to get involved in mischief. But that remains speculation. Whatever the explanation, it's a good idea to contact your hosting service provider and ask about options for reducing your exposure. Many Dutch hosters are now affiliated to NaWas, a nationwide anti-DDoS scrubbing initiative.
Tell your staff about the dangers.
Teach your staff to recognise fake e-mails.
Make sure temps get proper instruction and supervision, and understand your procedures.
If in doubt: don't respond!