Help your employees spot and prevent these three common business scams

What is fraud, and how does it impact Canadians?

Fraud is wrongful or criminal deception intended to result in financial or personal gain and has the potential to affect all Canadians, irrespective of age, gender, race, income level, or location. According to the Canadian Anti-Fraud Centre, nearly 45,000 Canadians fell victim to fraud in 2019, losing more than $96 million.

While fraud can target anyone at anytime and anywhere – organizations are particularly vulnerable to scams as fraudsters tend to target individuals with the goal of gaining access to the wider organization.

If your organization is targeted, the scammers may steal vital client information, encrypt files, and demand a ransom, or even just wreak havoc, costing your company time and money trying to fix it.

The three types of fraud most likely to put your organization at risk:

  1. CEO scams

In a typical CEO scam, fraudsters will impersonate a senior company executive, either by gaining access to their email address or by imitating one. They will send realistic-looking emails that try to trick employees into wiring money to a third party or making large purchases on behalf of the CEO. The emails will make the request sound urgent and confidential. For example, they may say the money is needed to secure an important contract, complete a confidential transaction, or update a supplier’s payment information.

Fraudsters are usually strategic about the timing of these emails. They send them when executives are away or hard to reach. This lucrative scam can cost businesses tens of thousands to millions of dollars. CEO scams are a growing global threat that targets all levels of business.

Tips to protect your organization:

  • Keep computer systems secure with an up-to-date, reputable antivirus software, and strong passwords
  • Validate all transfer requests either on the phone or in person. Never use the contact information provided in emails
  • Verify the sender’s email address—scammers will often create addresses that are very similar to legitimate ones, with just one or two different letters
  • Create a standard process for money transfers that requires multiple levels of approval
  • Limit public details. Fraudsters use information available online and social media to find potential victims and to time their fraud
  1. Phishing and smishing scams

As companies increase their digital footprint, fraudsters are getting more creative with scams in the digital space. Phishing is when an individual receives an unsolicited email that claims to be from a legitimate organization, such as a financial institution, business, or government agency. Scammers will ask their target to provide or verify, either via email or by clicking on a web link, personal or financial information related to the organization.

Smishing is the same thing, except it occurs via text message.

These messages often copy the tone and logo of trusted organizations, and usually include a call to action. They take many shapes and forms, but the bottom line is once they have been engaged, your organization is vulnerable to hacking and theft.

Tips to protect your organization:

  • Keep your employees aware and up to date on these tactics through regular training and encourage them to:
    • Ignore communications from unknown contacts
    • Delete suspicious messages as they can carry viruses
    • Don’t reply to spam messages, even to unsubscribe, and don’t open any attachments or follow any links
  1. Business scams

Business scams are ones where a company is sent fraudulent invoices and then hounded to pay them, citing approval by a member of their staff.

For instance, the directory scam. A fraudster sends your company a proposal for a listing or advertisement in a magazine, journal, or business directory. They’ll call to confirm the address and other details. Then the accounting department will receive and pay the bill, unaware that your company never actually ordered or authorized the service.

In many cases, scammers will hound the company to pay the amount owed – and often, larger organizations will pay simply to stop the harassment.

Tips to protect your organization:

  • Educate your employees to be cautious of unsolicited calls
  • Create a list of companies that are typically used by your business
  • Limit the number of staff who can approve purchases and pay bills
  • Clearly define procedures for verification, payment, and management of accounts and invoices

Other types of fraud:

  • Subscription traps
  • Identity theft
  • Health and medical scams
  • Romance scams
  • Tax scams
  • Door-to-door scams
  • Emergency scams
  • Purchase of merchandise scams
  • Sale of merchandise scams

You can get more information on these by taking a look at the Little Black Book of Scams. 

What to do if fraud occurs:

If your organization falls victim to fraud, reduce the damage by reporting the scam.

The Canadian Anti-Fraud Centre (CAFC) estimates that less than five per cent of fraud victims file a report and encourages anyone who believes they or someone else has been targeted by a scam to call the CAFC at 1-888-495-8501 or report it online at

Articles related to cyber security

view all

10 prevention tips to protect yourself against social engineering incidents

Help your employees spot and prevent these three common business scams

Fraud: What Canadians need to know – Part 4