Local businesses in the area should be aware of two types of frauds targeting businesses, stores and agencies in Kingston and throughout Ontario, the Kingston Police Fraud Unit warns.
The first fraud scheme involves a fraudulent Electronic Fund Transfer (EFT) used to pay for merchandise. The targeted business receives a call from someone looking for a quote on a significant amount of merchandise. In two cases the caller used the name “David Alberts,” according to a release from Kingston Police, dated Monday, Apr. 12, 2021. The caller agrees to place the order and asks the business for their account information so that they can send an Electronic Fund Transfer to pay ahead of time for the order.
It appears to the accounting departments of these businesses that money has been placed in their account, police said. A truck then shows up to pick up the order. In the cases that Kingston Police are aware of the trucks were from Quebec.
According to the release, the affected business later discovers that there had been no EFT; rather, forged cheques had been deposited into their account. This temporarily tricks the business into thinking that the money has actually been paid into their account. They don’t discover that in fact there is no money until after their merchandise has been taken, Kingston Police said.
In the second fraud scheme businesses and agencies are being targeted with phishing attacks.
“This occurs when an attacker, masquerading either as a trusted or apparently neutral entity, dupes an employee into opening an e-mail or text message and clicking on a link,” said Constable Ash Gutheinz, Media Relations Officer, C.O.R.E. Unit. “Once the link is clicked, malware is surreptitiously installed onto the computer or device.”
Through the malware the attacker then accesses the employee’s e-mails. Sometimes ransomware encrypts all files and the business is told to pay money for the code to de-encrypt their files. Kingston Police said in several recent cases, the attacker looks for invoices sent to other parties – sub-contractors or other agencies.
“The attacker then mimics an employee’s e-mail – typically someone from accounting who had sent the original invoice – and follows up asking for payment of the invoice, and advising that their billing system has changed. (The e-mail will resemble the employee’s e-mail but will be off by one letter. For example, ‘region’ will be changed to ‘reglon’, a change that is not easily noticeable.) The fraudster then supplies a bank account number and asks for payment by wire transfer or electronic fund transfer. The money is then sent to an account that is accessed by the fraudsters and does not belong to the subcontractor or agency,” Constable Gutheinz continued.
Kingston Police urge businesses and agencies to ensure that all employees are fully aware of phishing attempts and are taught to exercise good cyber-security awareness. Employers are also urged to implement strong cyber security precautions, including strong passwords, regular password changes, two-factor authentication, strong firewalls, etc.
Any time an entity who is owed money advises of a change of account information, confirm the change by phone or video call, and ensure that due diligence is exercised, Kingston Police said. A variation on this scam involves payroll departments receiving a fraudulent e-mail from an employee advising that their banking information has changed. The next salary payment then goes to an account that does not belong to the actual employee.
When receiving significant orders from a new customer you’ve never dealt with before, ensure that payment has been legitimately made by confirming the method of payment. If payment was actually done through cheque, Kingston Police recommend exercising prudence. Wait for the bank to confirm that the cheque is legitimate. Police suggest payments through cheques be avoided.