Language selection

Search

Protect your business from fraud

Recognize, Reject and Report Fraud

To protect your business from fraud and avoid paying out-of-pocket to scammers, you need the facts. The number of fraud schemes and con artists ready to part your business from its money is endless. Here, we explain some of the most commonly used scams targeting businesses in Canada, to help give your company a fighting chance against fraud.

Social engineering plays a huge role in how scammers perpetrate fraud. It's all about manipulating people into revealing confidential or personal information, or taking actions that lead to them being victimized by fraud.

Social engineering relies heavily on individuals being persuaded based on feelings of:

It's important to be aware of these very common human tendencies that fraudsters exploit to achieve their ends.

Your best fraud prevention tactics are information and vigilance.

On this page

Common scams

Recognize the pitch

Reject fraud - Top 5 myths to bust

Top 10 fraud-fighting tips for businesses

Report fraud

Common scams

Here are some examples of common scams to look out for and tips to help you fight back.

Business grants and loans scam

How it works:

You find a website while searching online for small and medium-sized business financing. It has the appearance of a government department helping small businesses access grants and loans, but it's only masquerading as such. For a fee, they'll ensure you get 'special acces' to government funding programs and may infer that the funding is guaranteed. Their website and/or name may mimic a government department, right down to the use of the Canadian flag or other logos and wordmarks.

This is a sure way to squander your money. First of all, services and information to help you apply for government grants and loans are offered free of charge by government departments or agencies. Secondly, nobody can guarantee your business would receive such funding, nor are private sector companies involved in the approval process for it.

What to do:

Directory scam

How it works:

You're contacted by a seemingly legitimate business directory supplier wanting to confirm your address and contact information. Simple - you confirm. The caller may imply that your company has purchased the directory listing in the past, saying that the call is simply to update your company contact information. This is called the "Assumed Sale" technique.

Then you receive a confirmation call designed to get you to agree to purchase the directory listing and a few weeks later, you receive an invoice for several hundred dollars for online advertising you supposedly agreed to. The online directory is of little or no commercial value, isn't searchable, and offers nothing better than a standard Google search would.

When you call to dispute the charge, they say they have a recording of you agreeing to the services, which they've edited to suit their purposes, and they threaten to send your file to a collection agency. Then if you don't pay, you receive aggressive collections calls, falsely claiming that your credit rating will be affected, when in fact they have no legitimacy to report you to a credit bureau, because the invoice or contract wasn't from a legitimate source or your usual supplier.

A twist on the directory scam is a notice sent to your business, usually by email, asking you to confirm company information. At the bottom of the page is a signature line followed by fine print that often gets ignored, stating that by signing the notice you have agreed to a two-year directory listing for $1,500 per year. The notices often use symbols suggestive of legitimate directory companies like the Yellow Pages' "walking fingers." 

What to do:

Before providing any information to a third party, always check their legitimacy by taking a few simple steps:

If you receive an unsolicited offer from a company wanting to sell you services:

If you are threatened verbally or in writing, call your local police and the Canadian Anti-Fraud Centre.

Office supply scam

How it works:

In a typical office supply scam scenario, you or your buyers receive an email or call from someone who seems to be your business' regular supplier of photocopy toner, light bulbs or some other type of office supplies. The scammer could infer that there's a government requirement for you to replace an 'expired' product, such as a first aid kit, and that they're contracted by government to be a supplier of that product, and that you could face a fine if you aren't in compliance. They may be hoping to catch a new or lower level employee who isn't aware of how things work, or may use 'spoofed' emails to make it appear that they originate from your usual supplier.

Office supply fraudsters ask you to verify information such as address, banking details, the person to be invoiced or other information associated with ordering supplies. In the case of emails, they could provide you with new banking details and request that future payments for supplies be made to this "new" account. They might also ask for seemingly irrelevant information like the number of employees in the organization. These inquiries are designed to trick you into giving up key information so they can fine tune their trap.

Sophisticated fraudsters will later place a second or third phone call to gather even more information or try to mislead your colleagues into believing that you or a manager agreed to placing an order and that everything is already settled; they only need payment.

When you receive the very realistic looking invoice, with or without the supplies, you're asked to pay. When you refuse, you get aggressive collections calls threatening to report you to credit bureaus and local business associations to damage your reputation.

Additonal Reading

Another twist on the office supply scam goes like this: a training company convinces you to sign up for health and safety or other specialized training for employees, citing government regulations requiring it. The scammer may not actually provide the training after being paid to do so, or they may provide inferior training that isn't properly authorized. In the meantime, you're on the hook for the cost.

What to do:

Before providing any information to a third party, always verify that they are legitimate:

If you receive supplies you didn't order:

If you receive supplies that you ordered but they're of inferior quality, or overpriced:

If you are threatened, call your local police and the Canadian Anti-Fraud Centre.

Phishing, Spear Phishing, Whaling, Vishing, SMiShing…

Definitions
Spear phishing
is when fraudsters have a specific target in mind: they are looking for one specific piece of information.
Whaling
occurs when fraudsters try to catch big targets like organization leaders.
Vishing
refers to phishing by voice or over the phone.
SMiShing
refers to SMS texts phishing.
Additonal Reading

How it works:

There are many "phish" in the "fraud ocean"! They all refer to the same broad practice: someone is trying to trick you into giving up sensitive business information like your credit card number, bank account number or passwords.

In a typical phishing scam, you are contacted via email, social media, telephone or text. The scammer will masquerade as a financial institution, service provider, client, supplier, prospective business partner, or even a government organization.

What to do:

Always be wary of unsolicited emails, text messages or phone calls from individuals or organizations prompting you to click on an attachment or link. It could lead to a website that looks legitimate, like your email login page, but is in fact only an extremely convincing imitation designed to steal your information.

Would you be able to spot this phishing attempt? In this example, scammers are trying to mimic your mother's email address, using the services of a fictitious email service provider: wmail.ca 

From: rnommy@wmail.ca  

The catch: can you see that the first "m" is actually an "r" and an "n" stuck together?

And this one…

From: mommy@wmail.com 

The catch: did you notice that it comes from a ".com" rather than ".ca"?

Or this one…

From: mommy@wmail.ca

The catch: hover your mouse over the hyperlink. It actually links to mommy@thisisscam.ca. This is a clever way to mask the actual sender. 

Be vigilant!

Fake CEO scam

How it works:

The 'fake CEO' scam (also known as the 'business email compromise') is a type of spear phishing in which fraudsters impersonate your company's CEO or other senior employee using a legitimate-looking email. They may have lifted information from your company's website or hacked into your business'  email system to get information about key employees, clients, suppliers and banking information.

This type of fraud uses social engineering and psychology to bypass the normal controls and procedures within a company. There are different scenarios they can spin. Posing as the fake CEO, they might target financial employees to enact money transfers, or say that a contract is in danger if a supplier isn't paid immediately, insisting on an electronic payment to a certain person or business. Or they might impersonate one of your important suppliers who has not been paid and is threatening to escalate the issue. There are many different scripts in this type of scam.

What to do:

Intellectual property scam

How it works:

You might receive a letter or email that appears to come from a federal agency like the Canadian Intellectual Property Office (CIPO), saying that your business' intellectual property (IP) rights must be renewed.  It could contain images of patents or trademarks, contact information, registration numbers and other information that is publicly available. All this very specific information makes the reminders appear authentic. They'll ask for payment in exchange for renewing your IP rights and you could end up paying much more than necessary. They might state that they aren't CIPO, but it could be buried in very small text and not easily seen.

What do to:

Malware and ransomware

How it works:

Malware, or malicious software, is a computer program that's specifically designed to damage the normal operation of your computer or network. You can accidentally 'catch it' when downloading email attachments, clicking links in emails, visiting less reputable websites or downloading music, videos or programs. It can also infect your computer through pop-up ads. 

Malware is a security issue and is never good news. It can send spam, access your computer, find personal information, disable your security settings or re-install itself after you remove it. In the form of ransomware, it can block access to your business computer by locking your screen or encrypting your information while scammers demand payment to unlock it.

What to do:

There are many ways to prevent and avoid malware. Protect your computer and network with security software, back up your data externally and stay vigilant. For more details on staying safe, visit the Get Cyber Safe website.

Recognize the pitch

Additonal Reading

Scammers have well-developed skills and techniques. They know exactly which strings to pull. They bank on certain values and emotions we all share:

Here are a few techniques scammers use to lure you. Get familiar with these tips for the next time you get a cold call or unsolicited email.

Urgency
This is a pressure tactic that offers a special lower rate and often implies it's a one-time deal offered only by the caller, to entice the person to pay immediately: "I'm glad I caught you today." "Offer ends tomorrow." "I can offer this rate now, but I can't guarantee it will be offered again." 
Creative name use
This is about using a company name that sounds large, national or international. Giving the first or last name of the caller, although it's likely an alias, helps develop familiarity.
Authority
This borrows credibility from an outside source and can be highly persuasive. "We're registered with the government as the official supplier of…" "You're required by law to buy this…" "We're owned and operated by MBA graduates with over 12 years' experience in the industry."
Reciprocity
This involves offering a prize, a special price or other privileges to get you to send money or confirm an order. "We'll give you something, you give us something in return."
Foot in the door
This involves getting you to agree to some small purchase, and then surprising you with larger commitments later. For example, you accept a free box of paper, but then discover that in doing so, you've agreed to an automatic monthly supply of paper.
Pitch a better deal
This involves offering something very expensive, expecting you to balk at the price, wherein you're offered something cheaper that now looks more reasonable. You may mistakenly think you got a good deal but later realize you've been defrauded.
Initial agreement pressure
Early in the pitch, you're asked a question like: "Do you like to save money?" Later you're pushed to stick to your word and commit to a purchase by reminding you that: "You said you liked to save money."
Altercasting
This places you in a desirable and respected social role: "As a critical member of your organization, you should know…" or "Are you the manager? Then you should have the authority to approve this offer now…"
Professionalism
This plays on your sense of professional integrity. If you say you're not sure you ordered it, you're told, "My records show that I called you on (date) / at (time) and confirmed the amount. I'll include my personal business card in case you have a problem with the order."
Untraceable payment methods
Scammers often want payment through wire transfers, gift cards, and more recently Bitcoin or another cryptocurrency, all of which are nearly impossible to reverse or track, particularly the latter.

Reject fraud - Top five myths to bust

1- Fraud isn't a real problem for my business

It is. According to a recent report by PwC, 55% of Canadian organizations experienced some form of economic crime in the past 24 months. BDO Canada estimates that fraud cost Canadian businesses more than $30 million in 2017.

Falling for fraud can impact your money and your personal information, and it definitely wastes your time. It can also impact your customers if your services are interrupted or their personal information is compromised. Fraud can hurt your reputation and your bottom line, yet there are steps you can take to protect your business.

2- Scammers are obvious

In 2017, Canadians lost close to $100 million to fraud, so scammers can clearly be very convincing. Don't blame yourself for not catching on if it happens to you. According to the Better Business Bureau (BBB), fraudsters use the following tactics against businesses because they have worked over and over:

Businesses told the BBB that learning about a specific scam and the methods and behaviour of scammers was the most helpful way to avoid being scammed. Arming yourself with good information will go a long way.

3- Scammers aren't interested in small and medium-sized businesses

The Canadian Federation of Independent Business found that one out of every five small businesses has been victimized by fraud, at a cost of $6,200 on average. They also found that most businesses take measures to protect themselves from fraud, costing on average $2,900 – much less than the cost of falling for fraud. A quick cost/benefit analysis would suggest that it makes financial sense for small and medium-sized businesses to invest in fraud prevention.

4- It's not worth reporting fraud

There are many reasons why businesses choose not to report fraud. They may fear it will jeopardize their reputation, require too many resources relative to the loss, or it's too minor to warrant involving the police.

Understand that it's extremely important to report fraud – it's one of the best ways the authorities can identify current scams, see who is being targeted, gather evidence to disrupt and shut down the operations and better protect businesses in Canada from being victimized by fraud.

Law enforcement may not be able to take action immediately but the information you provide remains confidential. It can be used for investigations, to identify trends and to warn others (through alerts and other public education), and it can be shared with other law enforcement partners.

5- Fraud is a one-time thing

Actually, this isn't the case. Statistics show that once scammed, your chances of being targeted again are higher. It's called the 'sucker list.' While it may be tempting to write off being scammed as the cost of business and move on, remember that if employees are not trained to prevent fraud, the scam that caught your business once, or a new and different one, can show up again.

Top 10 fraud-fighting tips for businesses

Invest in your people

Invest in your processes

Invest in your networks

Report fraud

False or misleading advertising

Lost money

Identity theft

Banking information theft

Spam emails and text messages

Date modified: