Skip to main content
RBC
Fraud is a serious problem that can affect individuals, large companies, and non-profit organizations of any size. Whether internal or external, fraud can affect your organization's ability to meet its obligations, impact your reputation, and influence the future support you receive.

It is estimated that fraud costs Canadian not-for-profits at least 5 per cent of their revenue every year. That’s money that could have been used to fulfill your mandate and support the cause, community or group you’ve committed to supporting.

While no organization is immune to fraud, there are steps you can take to safeguard your organization. Understanding the different types of fraud, staying informed about new tactics and educating and training your staff are all crucial steps to keep your organization safe.

So how prepared is your non-profit to spot and prevent fraud? Take our quiz to find out.

  1. In a common scam, a fraudster will pose as your organization's top executive and will send an email asking an employee to transfer money to their account. This is an example of Business Email Compromise.

  2. The right internal controls can help prevent fraud. An example of an effective internal control is assigning an accountant to take care of all the books, ensuring the same set of eyes looks at everything from start to finish.

  3. Despite the advancement of payment technology, cheques are still used by many businesses — and cheque fraud remains a problem. If the issuing bank's name or address is missing, the cheque is considered "bad".

  4. An employee received an email request from a vendor for a large payment. To verify that the requested payment is legitimate, the employee should call the number listed in the email.

  5. Some signs that a request for money or information is not legitimate are: 1) Instructions have been sent by email or a text message and 2) A sense of urgency is expressed.

  6. If your bank sends an email asking you to reset your company's Online Banking password to keep the accounts safe, you should do so immediately.

  7. All organizations are at risk of cybercrime, and one simple way to protect your organization and your staff is to mandate stronger passwords. Is Coff33T!m3 more secure than Password1234?

  8. Software updates can be a pain — but they have a purpose! They fix bugs on your organization's operating system, patch up security holes, making it harder for hackers to attack, and they improve the speed and efficiency of your hardware.

  9. You occasionally let staff work offsite. The best advice you can give them to ensure their communications are safe would be to find the strongest WiFi signal.

  10. Cheque fraud can happen a few different ways. Criminals can steal cheques, create fraudulent cheques or change the name or amount of a legitimate cheque. One of the ways to prevent this from happening at your organization is to check the payee name, date, signature and dollar amount once it clears your organization's account to ensure the cheque hasn't been altered.

You got out of

Way to go! You're already informed and aware of possible threats to your organization. Keep in mind that as technology advances, so do the skills, tricks and tactics used by criminals. Staying up-to-date about common scams, and knowing how to protect your organization, will be key to keeping your company and customer/member information safe today and in the future.

More Information on the Questions Above

1. This is a common Business Email Compromise scam, and will often begin with a fraudster compromising the email account of a high-level employee. By monitoring the compromised account, the fraudster will try to determine the process for sending and receiving wires, and use pieces of information gathered to make the email sound legitimate.

They will also include reasons for not following standard policy or for keeping a request secret: “I plan to make an announcement in the morning. Until then, please don't tell anyone."

2. Separating your payment-handling duties is an important internal control every business should implement. Having two signing authorities for issuing cheques is considered a best practice, and having at least two sets of eyes on invoices, cash-in and electronic disbursements can prevent fraud from the inside out.

3. Cheque fraud is alive and well, as it's an easy business to get into — all a fraudster needs to attempt cheque fraud is some high quality paper, a printer, scanner and some graphic design skills. That's why it's important to look out for anything out of the ordinary on a cheque you've received, including the signs above. Stains or discolouration and inconsistent typeface are other signs a cheque may not be what it seems.

4. Establishing authentication protocols is an important step for any business. This means that if a request for payment or information seems out of the ordinary in any way, staff should know to call a telephone number on file to verify whether the request is legitimate. This simple step can go a long way to avoid unauthorized payments and other fraudulent activity.

5. Because emails and phone numbers are easy for fraudsters to spoof, any request for payment or confidential information that comes in this way should be handled with caution. Also, fraudsters often try to instill a sense of urgency to get employees to act quickly so that they don't have enough time to consider their actions. The best course of action is to ask a manager or call the sender using a known phone number to confirm.

6. Your financial institution will never ask you for confidential information — including your PIN, Online Banking password or account number — over email. Any email you receive asking for this kind of information should be deleted.

If in doubt about the status of your account, enter the website address you normally use to log in, and make changes from there. Never follow an email link to enter confidential or personal information.

7. Password theft is one of the most common ways cyber criminals access information online. That's why you want all staff passwords to be long, complex, and difficult to guess. If the word “password" or the digits “1234" are in the password, you may as well be opening the door for hackers to browse through your organization's data.

Using a pass phrase, rather than just a word, is a great place to start. To make the password even harder to crack, it's a good idea to misspell words, add spaces, and include punctuation and/or numbers.

8. It's easy to click “Not now" or “Remind me later," but keeping your operating system up-to-date with legitimate updates is in fact one of the most critical actions you can do to keep your hardware safe.

9. WiFi Eavesdropping, as it's called, is one of the most common fraud tactics. While many hotels, coffee shops and restaurants conveniently offer public Wi-Fi, it's easy for a hacker to snoop on all the information your employees send online when connected to a public network.

10. According to the Canadian Bankers Association, while the use of cheques has been declining with the growing popularity of electronic and card payments, financial institutions in Canada still process nearly one billion cheques every year. This means you need to protect your organization from common cheque scams. Be proactive and implement a cheque mitigation solutions, such as Positive Pay/Payee Match.

A VPN service is a program that channels all internet traffic through a secure provider outside of the public Wi-Fi hotspot. This means that all the websites your employees visit — or emails they send — will funnel through an encrypted and very secure system.

You got out of

You're well on your way to being alert and aware of fraudulent activity. Keep in mind that as technology advances, so do the skills, tricks and tactics used by criminals. Being informed about common scams, and knowing how to protect your organization, will be key to keeping your company and customer/member information safe today and in the future.

More Information on the Questions Above

1. This is a common Business Email Compromise scam, and will often begin with a fraudster compromising the email account of a high-level employee. By monitoring the compromised account, the fraudster will try to determine the process for sending and receiving wires, and use pieces of information gathered to make the email sound legitimate.

They will also include reasons for not following standard policy or for keeping a request secret: “I plan to make an announcement in the morning. Until then, please don't tell anyone."

2. Separating your payment-handling duties is an important internal control every business should implement. Having two signing authorities for issuing cheques is considered a best practice, and having at least two sets of eyes on invoices, cash-in and electronic disbursements can prevent fraud from the inside out.

3. Cheque fraud is alive and well, as it's an easy business to get into — all a fraudster needs to attempt cheque fraud is some high quality paper, a printer, scanner and some graphic design skills. That's why it's important to look out for anything out of the ordinary on a cheque you've received, including the signs above. Stains or discolouration and inconsistent typeface are other signs a cheque may not be what it seems.

4. Establishing authentication protocols is an important step for any business. This means that if a request for payment or information seems out of the ordinary in any way, staff should know to call a telephone number on file to verify whether the request is legitimate. This simple step can go a long way to avoid unauthorized payments and other fraudulent activity.

5. Because emails and phone numbers are easy for fraudsters to spoof, any request for payment or confidential information that comes in this way should be handled with caution. Also, fraudsters often try to instill a sense of urgency to get employees to act quickly so that they don't have enough time to consider their actions. The best course of action is to ask a manager or call the sender using a known phone number to confirm.

6. Your financial institution will never ask you for confidential information — including your PIN, Online Banking password or account number — over email. Any email you receive asking for this kind of information should be deleted.

If in doubt about the status of your account, enter the website address you normally use to log in, and make changes from there. Never follow an email link to enter confidential or personal information.

7. Password theft is one of the most common ways cyber criminals access information online. That's why you want all staff passwords to be long, complex, and difficult to guess. If the word “password" or the digits “1234" are in the password, you may as well be opening the door for hackers to browse through your organization's data.

Using a pass phrase, rather than just a word, is a great place to start. To make the password even harder to crack, it's a good idea to misspell words, add spaces, and include punctuation and/or numbers.

8. It's easy to click “Not now" or “Remind me later," but keeping your operating system up-to-date with legitimate updates is in fact one of the most critical actions you can do to keep your hardware safe.

9. WiFi Eavesdropping, as it's called, is one of the most common fraud tactics. While many hotels, coffee shops and restaurants conveniently offer public Wi-Fi, it's easy for a hacker to snoop on all the information your employees send online when connected to a public network.

10. According to the Canadian Bankers Association, while the use of cheques has been declining with the growing popularity of electronic and card payments, financial institutions in Canada still process nearly one billion cheques every year. This means you need to protect your organization from common cheque scams. Be proactive and implement a cheque mitigation solutions, such as Positive Pay/Payee Match.

A VPN service is a program that channels all internet traffic through a secure provider outside of the public Wi-Fi hotspot. This means that all the websites your employees visit — or emails they send — will funnel through an encrypted and very secure system.

You got out of

As technology advances, so do the skills, tricks and tactics used by criminals. Being informed about common scams, and knowing how to protect your organization, will be key to keeping your company and customer/member information safe. You've got some learning to catch up on, but this quiz was a great start to your fraud prevention education!

More Information on the Questions Above

1. This is a common Business Email Compromise scam, and will often begin with a fraudster compromising the email account of a high-level employee. By monitoring the compromised account, the fraudster will try to determine the process for sending and receiving wires, and use pieces of information gathered to make the email sound legitimate.

They will also include reasons for not following standard policy or for keeping a request secret: “I plan to make an announcement in the morning. Until then, please don't tell anyone."

2. Separating your payment-handling duties is an important internal control every business should implement. Having two signing authorities for issuing cheques is considered a best practice, and having at least two sets of eyes on invoices, cash-in and electronic disbursements can prevent fraud from the inside out.

3. Cheque fraud is alive and well, as it's an easy business to get into — all a fraudster needs to attempt cheque fraud is some high quality paper, a printer, scanner and some graphic design skills. That's why it's important to look out for anything out of the ordinary on a cheque you've received, including the signs above. Stains or discolouration and inconsistent typeface are other signs a cheque may not be what it seems.

4. Establishing authentication protocols is an important step for any business. This means that if a request for payment or information seems out of the ordinary in any way, staff should know to call a telephone number on file to verify whether the request is legitimate. This simple step can go a long way to avoid unauthorized payments and other fraudulent activity.

5. Because emails and phone numbers are easy for fraudsters to spoof, any request for payment or confidential information that comes in this way should be handled with caution. Also, fraudsters often try to instill a sense of urgency to get employees to act quickly so that they don't have enough time to consider their actions. The best course of action is to ask a manager or call the sender using a known phone number to confirm.

6. Your financial institution will never ask you for confidential information — including your PIN, Online Banking password or account number — over email. Any email you receive asking for this kind of information should be deleted.

If in doubt about the status of your account, enter the website address you normally use to log in, and make changes from there. Never follow an email link to enter confidential or personal information.

7. Password theft is one of the most common ways cyber criminals access information online. That's why you want all staff passwords to be long, complex, and difficult to guess. If the word “password" or the digits “1234" are in the password, you may as well be opening the door for hackers to browse through your organization's data.

Using a pass phrase, rather than just a word, is a great place to start. To make the password even harder to crack, it's a good idea to misspell words, add spaces, and include punctuation and/or numbers.

8. It's easy to click “Not now" or “Remind me later," but keeping your operating system up-to-date with legitimate updates is in fact one of the most critical actions you can do to keep your hardware safe.

9. WiFi Eavesdropping, as it's called, is one of the most common fraud tactics. While many hotels, coffee shops and restaurants conveniently offer public Wi-Fi, it's easy for a hacker to snoop on all the information your employees send online when connected to a public network.

10. According to the Canadian Bankers Association, while the use of cheques has been declining with the growing popularity of electronic and card payments, financial institutions in Canada still process nearly one billion cheques every year. This means you need to protect your organization from common cheque scams. Be proactive and implement a cheque mitigation solutions, such as Positive Pay/Payee Match.

A VPN service is a program that channels all internet traffic through a secure provider outside of the public Wi-Fi hotspot. This means that all the websites your employees visit — or emails they send — will funnel through an encrypted and very secure system.

Want to learn more? Read the quiz explanations, or visit our Non-Profit section.