8 Signs of Fraud: How to Know if Your Business Has Been Hacked

As cybercriminals become ever more sophisticated, detecting signs of fraud and scams becomes harder and harder. Even intelligent people can easily be tricked by newer fraud attempts, which can end in loss of money, identity theft, and embarrassment for companies that may be, or appear to be, involved.

So, how do you know if a business has been hacked? Here are some ways to detect and recognize fraud:

Unusual Activity on a Bank or Credit Card Account

This might mean payments to companies you don't recognize (pro tip: If what is going to show up on your customer's credit card statement is different from your brand name, let customers know what will show up), checks being cashed out of order, checks that you did not send being cashed, being denied for a credit card or loan you never applied for, changes to your address or other information you did not make.

These can happen to individuals and businesses and can result from password breaches, credit cards being skimmed, etc.

Spelling and Grammar Errors

It's surprisingly common for phishing emails and fake websites to have excessive typos or worse. A more subtle thing to watch for … as many fraudsters operate from overseas, they may send a message that purports to be from a U.S. company but is in British or international English. This can be a lot harder to spot if you are not looking for it.

Phishers, these days, really know how to make the email look like it comes from a legitimate (possibly your) company, but they often still make mistakes in the text.

Misspelled URLs

Website cloning is a common means of fraud. This means that the hackers scrape a company's website and then post an exact copy on a URL that is one character away. The goal, of course, is to reroute payments made to that company to the hackers or to collect personal information, including login details. Government websites are also often cloned, especially in the U.S., where many smaller jurisdictions use .org or even .com websites to avoid the higher fees associated with .gov.

Another way to avoid clones? Avoid clicking on paid search results. Scammers will pay good money to get their cloned website at the top of the search ranks.

If you own a company, have somebody check frequently to ensure your website has not been cloned. If it has been, report it and warn your customers about the copycat.

Shipping and Billing Addresses Are a Long Way Apart

In some cases, people have a legitimate reason for this; they may be dropshipping a gift or using a locker service. If the shipping and billing addresses are in different counties or even different states, this is often a red alert for credit card fraud.

Look at how far the addresses are apart and whether the address is a freight forwarder (often used to get around export regulations) or a reshipper. Be aware that there are also third-party package delivery companies that may have a different shipping address, typically when people live in apartments or condominiums. This can make detecting this kind of fraud even harder.

An Employee Lifestyle Suddenly Stops Matching Their Salary

If you have an employee who is suddenly a big spender and there's no good explanation for it, such as their partner getting a new job, there might be theft. This is often the way employee thieves are caught. Many people who steal or embezzle from their employer do not think to squirrel the money away or spread out their spending.

You Receive a Spike in Customer Complaints

A sudden spike in complaints, especially for non-delivery, may be a sign that your website has been spoofed or cloned or that your customers have been phished.

This means that thieves have been collecting payments intended for you and then not delivering the goods or services, or they have been delivering some kind of inferior copy.

If you are in the travel industry, an increase in people showing up claiming they have a reservation when they do not is also a sign that you may be being spoofed.

Weird Attempts to Access Your Network

This might include access attempts on non-standard firewall ports or excessive attempts to connect to a domain account. In some cases, the hacker has failed, but in others, they may have succeeded. Any strange attempts should be dealt with. You should also consider multifactor authentication to help protect everyone's accounts.

Also, watch for login attempts from unusual locations or at unusual times. If somebody's credentials have been stolen, thieves may decide to use them from, say, the Bahamas. If an employee is traveling and intends to work while traveling, have them notify IT of where they are going so that legitimate logins do not get flagged … and also so you know they are not going to be accessing it from the nearest cyber cafe.

Lag on Your Network

Another sign that you may have been hacked is if your computer or network slows down dramatically and it's not fixed by simple things such as a reboot. This could indicate that somebody is transferring files or that you have malware. Any lag that isn't resolved quickly should be considered suspicious, and IT should look into it.

This includes a slow internet connection from an employee's home. Hackers may target people working from home because they are not as secure.

Remember that hackers can be a lot more subtle these days. Phishing messages often look exactly like the real thing. Malware may be visible only as a slight slowing of the network. Hackers will also try to do things you may not notice. For example, when did you last check that the billing address on a credit card account did not mysteriously change?

The most important thing is to be alert for anything out of the ordinary and to research the latest scams and what criminals are trying to do to get your and your customers' money.