Fraudsters and cyber criminals are still actively working to gain access to others’ hard-earned money. While recent surveys indicate that profits from business-related fraud are beginning to decline – thanks to increased awareness and stronger security measures – it remains crucial to stay alert.
Maintaining vigilance, educating your team, and regularly reviewing your security practices are key steps in safeguarding your business against evolving threats.
The methods used by fraudsters are becoming increasingly sophisticated and harder to detect. With the rise of advanced AI tools, scammers can now manipulate websites, emails, text messages, images – and even voices. Today, a familiar voice on the phone might be entirely computer-generated. Protect yourself and your business by staying informed and reviewing vulnerable routines!
Protect Yourself and Your Business from Fraud – practical tips
Awareness is your first line of defense and the best way to protect yourself from fraud is to stay alert and cautious. Here are some practical tips:
- Verify the sender: Check if the sender’s name and email address match the official contact details used by the bank, authority, or company.
- If in doubt: Contact the organization directly using contact details from your own phonebook or their official website – never use the information provided in the suspicious message.
- Be skeptical: Stay alert when visiting websites or clicking links that ask for banking credentials.
- Check the web address: Fake websites can closely mimic the appearance and content of official sites, such as those of Posti, the Tax Administration, or PRH.
- Don’t pay vague fees. Read the message carefully. Authorities usually don’t request payments via email.
- Don’t rush: Scammers often try to create a sense of urgency and pressure.
- Remember: Your bank will not ask for login credentials via email or phone.
- Using a Mobile Certificate (FI: Mobiilivarmenne) can help you avoid using bank credentials for identification in online services. While there are still risks, it reduces the chance of your bank details falling into the wrong hands.
- Use strong and unique passwords and enable two-factor authentication (2FA): Two-factor authentication provides an extra layer of protection.
- Don’t be fooled: Offers that seem too good to be true usually are.
Common types of fraud targeting businesses
Business identity theft
Business identity theft occurs when fraudsters gain control over a company by altering its official details. By changing address information and signatory rights in the trade register, they can impersonate the business to order goods, carry out financial transactions, or even secure loans – all under the company’s name.
Protect Your Business from Identity Theft:
Take proactive steps to safeguard your company:
- Use secure electronic filings: Ensure that only electronically made submissions to the Trade Register are allowed to reduce the risk of unauthorized changes.
- Register your email address: By adding your email to the Trade Register, you’ll automatically receive notifications of any changes made to your company’s details.
- Verify your personal information: Use the suomi.fi service to confirm that your personal details in the Trade Register are accurate. You can also view your current roles as a responsible person.
- Request a registration ban: If you suspect your personal data may be misused, submit a registration ban to the Finnish Patent and Registration Office (PRS). This prevents you from being listed as a responsible person in any company, association, or foundation without your explicit consent.
CEO fraud
CEO fraud is a scam in which a fraudster impersonates a company’s CEO, CFO, or another senior executive to trick an employee into transferring money to the scammer’s account. Avoid handling payment requests via email. Email can be easily spoofed or compromised. Always verify payment requests through a phone call or internal communication channels, using a method that has been pre-agreed within your organization.
Fake invoices
Companies receive false invoices, often from scammers posing as known suppliers with “new bank accounts.”
- Protect yourself by using a payment system (e.g. Fennoa) that saves suppliers’ bank account numbers and can alert you if an account number has been changed
Fraudsters send fake invoices for services you never ordered, often related to various phone and web directory services.
- Don’t pay unnecessarily – dispute the invoice immediately in writing. Inform them that you never ordered the product/service and, if needed, threaten to file a police report.
- If the fraudsters forward the invoice to a debt collection agency – inform the agency immediately that you have disputed the invoice because you did not order the product/service.
- Consider filing a police report.
Phishing
Scammers send fake emails to trick recipients into revealing sensitive information or logging into fake websites.
Smishing and vishing
Fraud via SMS or phone calls where the scammer claims to be from a bank, insurance company, authority or software provider or equivalent.
Viruses, trojans, and remote access
Malicious code is installed via links or attachments, giving scammers control over company devices or email.
Investment scams
Fake investment opportunities, often via social media, where companies are lured into investing in fraudulent projects. In some cases, the investor receives a quick return to encourage a larger follow-up investment.
Web domain scams
Fraudsters try to trick companies into registering a variation of their own web address. The fraudster claims that someone else has registered or is in the process of registering a similar domain, such as one ending in .org, .com, or .eu, and offers you priority to register or buy it back.
- Register all domain extensions through the same reliable domain provider.
- Immediately dispute any unfounded invoice in writing.
- Consider filing a police report – the behavior may meet the criteria for fraud.