Home office and the increased risk of fraud
As a result of the declaration of the state of emergency by the Luxembourg government on 18 March 2020, most service sector companies moved into home office, which exposes them to an increased risk of fraud, and fraudsters have become more than ready to take advantage of this new market that opens itself to them.
The risk is heightened by the fact that contact between private individuals is greatly reduced, and in some cases even impossible, in the context of the company's management as well as in its day-to-day business.
More still, the digitalization of everybody’s activity as well as the recourse to home working (télétravail) allows fraudsters to be more efficient. The widespread use of modern technology has given this specific type of criminal activity a serious boost that is of concern to companies and financial institutions, but also to individuals.
While the schemes are not new, their activity has increased drastically: the risk of fraud ranges from CEO fraud, i.e. a third party posing as the CEO (or director) of your company in order to trick your employees into paying a fake invoice or making an unauthorized transfer out of the business account, to romance scam, i.e. the pretended interest in a romantic relationship in order to extort personal information or money. Thus the risk of fraud affects not only your daily business operations but also your private life as a business owner as well as the private life of your employees.
Other predominant security threats are phishing attacks and investment scams.
Below you will find a list of measures you can take to ensure the security of your company and of your employees.
1. CEO fraud
As per the definition provided above, CEO fraud is characterized by a third party posing as the CEO (or any other decision maker) of your company in order to have your employees carry out tasks such as the payment of a fake invoice or the transmission of confidential information.
As the fraudster will often appear to be very convincing (such frauds are often prepared over a long period of time, and happen after the hacking of a mailbox), we advise you and your employees to pay particular attention to the warning signs of fraudulent emails or calls:
- unusual demands in contradiction with internal procedures
- request for confidentiality (and insisting thereon)
- threats, unusual flattery, bribery
- incorrect email addresses, copycat emails (pay attention to minor changes in the address, such as an added letter; for instance, duplicating the letter “I” is very easy as you barely see it)
- a message telling you not to reply to the address the email allegedly comes from
- pressure and a sense of urgency
- suspicious links or attachments (these should never be opened; cf. point 2, Phishing attacks)
In order to ensure security, you should also encourage your employees to be wary of any payment requests and implement internal protocols to prevent fraud, such as:
- internal protocol to verify the legitimacy of a payment request
- internal protocol concerning the report of a potential fraud
- internal procedure for managing fraud
We also urge you to verify any information posted on your company website, to change your passwords regularly (and to use complex passwords), and to upgrade/update your technical security.
2. Phishing attacks
Phishing emails, messages and voice calls are the most common (and easiest) cyberattacks, as they do not require much technical knowledge on the side of the fraudster. They will try to trick you into sharing personal, financial or security information by assuming a false identity. Thus they could contact you under the false pretense of acting on behalf of your bank or your insurance, or might even pose as a candidate for a non-existent job.
Such correspondence will often look identical to the types that real banks send (replicated logo, design); however, you can recognize phishing attacks, as such emails or messages may contain:
- unusual demands
- incorrect email address, copycat emails (pay attention to minor changes in the address)
- suspicious links or attachments (should never be opened)
- a request not to reply to the address that the email comes from
We encourage you and your employees to take the time to verify the legitimacy of any correspondence and to refrain from clicking on any suspicious link or attachment as such documents may contain ransomware.
3. Investment scams
Investment fraud may occur when a person or a banking institution promises you suspiciously high returns on your investment. If somebody offers you a 12% guaranteed return p.a., be careful: it’s very likely to be a fraud!
But things are not always that blunt: if entities are offering high rates of return at the moment, it is because they do not have financing available and are therefore desperate to find new financing on the market. In order to protect yourself from such investment fraud make sure you verify the terms of the proposals made to you.
Fraudulent investment opportunities will often:
- promise high returns while assuring the safety of your investment
- be limited in time in order to convey urgency
If you are suspicious of an investment opportunity you should seek advice at a trusted banking institution or an impartial financial advisor before handing over any money and/or financial information.
4. Romance scam
Fraudsters may also target your private life in an attempt to extract funds and sensitive information from you. You should be extremely suspicious if you experience unsolicited romantic attention from someone you don’t know. In these times of loneliness, individuals are very much at risk from this type of scam.
In order to trick you into providing money, gifts or your bank account details the fraudster will invent an elaborate backstory and may even pose as someone you know. Should you refuse their requests they may try to blackmail you.
In order to protect yourself against romance scam and the extortion of sensitive information you can take the following steps:
- don’t share personal information on social media
- don’t share any compromising information with the fraudster (pictures, videos, bank information)
- don’t respond to suspicious money requests and never transfer money for someone else (as this may be considered as money laundering, which is a criminal offence, punishable by imprisonment of one to five years and a fine of 1,250 euros to 1,250,000 euros).
If you are a victim of any of the above frauds, as well as any other fraud of a similar nature, you must report it to the police. Fraud is a punishable criminal offence and will be investigated by the public prosecutor and the police, who will decide what legal action should be taken.
Please note that any attempt to commit fraud is equally subject to the same penalties, so we encourage you to notify the police of any attempted fraud.
The present opinion issued by E2M S. à r.l., a law firm, registered with the Luxembourg Bar, having its registered office at L-2419 Luxembourg, 2, rue du Fort Rheinsheim and registered with the Luxembourg Trade and Companies Register under number B 210 821, is not legal advice and reflects only the current state of the provisions taken by the Luxembourg State and is understood to be subject to any changes or modifications of the provisions which have occurred or may occur from time to time as a result of decisions of the government of the State of the Grand Duchy of Luxembourg.
E2M S.à r.l cannot be held responsible for the use made of this document and cannot be held liable if the Luxembourg government modifies, adapts, deletes or changes the provisions/measures undertaken.