Forensic: What threatens business in the period of quarantine?
All-Ukrainian quarantine transferred to remote work of employees of the majority of Ukrainian entities to slow the rate of spread of the disease and save more lives. However, the mass transition to digital space is fraught with hidden threats. Quarantine untied hands to swindlers, especially those of them who works on the global Internet. In this article we will consider the most popular schemes of fraud and effective methods of counteracting them.
Dr. Evil and pseudo-contractors attack
Since the beginning of quarantine around the world hacker activity was gaining momentum every day. Today we have a significant surge in such activity which consists in mailing of malicious software and creation of fake sites and services. The purpose of the attackers is to steal personal data of victims who “get on the hook”, learn passwords from their bank accounts or company accounts, their accounts, and in the future steal money or information. And even all at once.
Panic and lack of information pushes people to independently search for at least some news about the pandemic and its consequences for the economic well-being of the country, and the newsletter itself throws the “necessary” data into their hands. Hackers and cyberthieves are probably the most flexible category of intruders as they are surprisingly quick to adapt to circumstances and get the most out of it. So now in mailings we see letters from medical institutions, private doctors, laboratories and so on.
For example, the specialists of the Californian company Proofpoint, which offers solutions for the data leakage protection system, recorded strange messages that their customers began to receive. In these letters, a certain Doctor denounced the existence of a vaccine against COVID-19, which the Chinese and British authorities are trying to hide. Conspiracy Theory fans and simply interested users found themselves on an online document on a site that was no different from the popular data resource Docusign. But the site was a fake, and its main function was to collect credentials and passwords. Representatives of Proofpoint reported that such letters are sent in batches of 200 thousand at a time.
But the most dangerous type of mailing for companies are letters from pseudo-contractors. Attackers learned to impersonate current partners, suppliers, customers, creditors, etc., and began sending letters about the following content: “We have changed our bank details in connection with quarantine. Use the new account to pay for services/goods/credits: **** **** **** ****”. It’s not difficult to guess whom the deceived users’ money will actually go to.
What to do: tighten cybersecurity. The best pill of excessive curiosity for your employees will be a webinar or publication on a corporate resource of information about potential risks that carry letters from unverified senders. If your company has a specialist in cybersecurity (and you have not had time to dismiss him on the wave of optimization of costs), set him the task to conduct a crash test of the data transmission channel and digital armor of the enterprise as a whole. The main goal is to identify weaknesses and “bottlenecks” in defense and eliminate them as soon as possible.
Raiding is included in the high season
It is difficult to imagine more favorable circumstances for intruders than general panic and vanity. Rewrite the company or property on a fake court decision or on the basis of an unscrupulous notary’s decision for raiders now is not difficult, since evil not only does not slumber, but does not sit in quarantine, unlike most employees. The Ministry of Justice confirms that the number of addresses today is really great. But to make any predictions as to how much the flow of such complaints will grow during the crisis (the traditional time for redistribution of property), now no one takes. Therefore, businesses need to take good care of their own security and minimize risks on their own.
What to do: in order to be ready for the “mask-show”, it is worthwhile to check all the equipment in time that can record physical manipulations carried out in your office: make sure that security services are paid for, and CCTV cameras are working properly. Make sure that among your key employees there are no offended and insulted, especially among those who have access to important information. Why? It’s simple — the “leak” of data in order to harm the company often comes from employees in conflict with their employer.
Having dealt with cameras and employees, dig deeper — see the list of shareholders and partners, which had previously arisen conflicts and disagreements in opinions; update the monitoring system changes in the registers, so as not to miss the illegal change of land ownership, real estate or corporate rights. For this purpose, there are several online services and mobile applications, just set a query in the search box of your browser. All this is necessary in order to prevent a fictitious meeting of shareholders and physical seizure of assets.
If we talk about the support of the state in the issue of illegal seizure, we can note the Anti-Raiding Commission of the Ministry of Justice, which started its work on January 16, 2020. Its task is to consider raider actions and return property and business to legal owners within 24 hours. Also, for the protection of property, the Anti-Raiding Office continues to work actively. Applying to the hotline, you can get an answer on the stage of consideration of the complaint and advice on the procedure for its submission and consideration, receiving complaints about actions and decisions of state registrars, issuing documents on the outcome of the complaint consideration, etc.
Classics of the genre — fraud in accounting
The team of accountants is often mistaken for “statisticians” who do not have a real impact on cash flow. Limiting in their minds the function of an accountant only by counting taxes, ignoring the accounting function and not understanding the objective processes, the company’s managers personally destroy the protective mechanisms of combating fraud.
And while the owners are in blissful ignorance, accounting workers, having direct access to the current accounts, for mercenary reasons can increase the salary fund of employees at the expense of “dead souls”, overcharging bonuses and other mandatory payments, “pouring” money into their own pockets. Moreover, the situation, provoked by quarantine, ideally contributes to this — in case of perturbations with staff cuts, changes in wages and cuts in costs, there is a wide space for creative maneuvers.
What to do: attack your accountant with suspicion is not worth it, it will be sufficient to strengthen control over the implementation of any payments, especially purchases. Also it is necessary to pay attention to operations on write-off of property, plant and equipment. If you want to control funds, just limit or complicate the procedure for withdrawing and transferring money. For example, connect the current account to the client-bank, then a two-step confirmation system will be required to make payments. The accountant creates a payment and signs with his signature, and the manager checks and signs payments with his key.
Quarantine slowed down the production process and created many difficulties for Ukrainian business. But if you keep cool and think two steps ahead, you can see some good opportunities for development that have been given to us by slowing down the pace of global entrepreneurship. This is the best time to identify weaknesses in the system of protection of your assets and the company as a whole. Otherwise, these opportunities will be used by ill-wishers, and it will become even more difficult to resist them.