4 Top Business Fraud Trends to Know About
A common thought amongst business owners and decision makers when discussing fraud is, “that will never happen to me.”The unfortunate reality, however, is that successful fraud attempts are much more prevalent than one might imagine. With today’s increasing dependence upon online and electronic transactions, where account information is often readily available on the dark web, commercial businesses of any size or industry are susceptible.
Here we’ll take a look at the most common types of fraud, as well as tips to keep your accounts secure.
Business Email CompromiseWhile it may not be the most common in terms of number of incidents, business email compromise has the potential to be the most costly in terms of dollar amount.
With this type, fraudsters collect data about a business, either through publicly available sources or through phishing campaigns. They will then gain access to email correspondence between that business and another entity when a wire or ACH payment is about to take place. By creating a fictitious email address with only a slight difference to the legitimate one, or gaining access to the email system itself, the criminal can pretend to be the recipient of the payment and divert funds into their own account.
Typical targets include businesses that conduct high volume and/or high-dollar wire transactions, such as law firms or title companies. However, all businesses may be at risk. Since wire transfers transmit the funds immediately, a business can find itself on the hook for hundreds of thousands, if not millions, of dollars with a single fraudulent payment.
Check FraudA more widespread type of fraud is one that’s been around for decades. Yes, we’re talking about check fraud.
While it’s surprising to many that businesses are still writing checks in our rapidly digitizing economy, check fraud has experienced a resurgence of late. Criminals have found that routing and account numbers can be obtained with alarming ease online. And with checks also being relatively easy to counterfeit, the potential for success is high.
Businesses that conduct a large number of transactions on a daily basis, such as restaurants, are particularly vulnerable. Although criminals may keep dollar amounts low to avoid detection, the costs can certainly add up.
Business Impersonation FraudA version of fraud widely experienced by most employees is business impersonation fraud.
Falling under this category is the classic phishing attempt you may have in your inbox right now. Criminals pretend to be government agencies or legitimate businesses such as banks, credit card companies, or big box retailers. Often the request is to “verify account information,” or let you know you may have won something, with the intention of harvesting that information for fraud.
Although upon closer inspection, you can usually find a grammatical error or other irregularity, there are occasions where an employee might mistakenly fall into the trap. It’s important to properly educate your teams whenever a suspicious email is going around!
Ransomware AttacksThe last type of fraud we will discuss is not quite as common, but very concerning in that it can be potentially crippling for its victims. This one is called ransomware.
With ransomware, criminals will gain access to important systems, data, platforms, or devices within a business and shut down operation until payment is received. The consequences can be extremely serious, especially when the business is performing some type of critical function like a hospital or transportation company.
If your business has experienced a ransomware attack, we advise contacting the FBI’s Internet Crime Complaint Center (IC3) and/or your local FBI field office immediately.
How to Minimize RiskWhen thinking about how to prevent business email compromise, ransomware attacks, or any other type of fraud, it’s important to remember the basics of online security.
All businesses should be cautious with their systems, as well as their processes for making payments, regardless of their size. If security hasn’t been prioritized in recent months, you should consider hiring an expert as soon as possible to perform a thorough review of all systems, security solutions and processes. And be sure to follow their advice!
In addition, we recommend that all businesses set industry best practices as the absolute minimum. Changing passwords regularly and mandating dual controls for payment authorizations are just two worthwhile steps. Implement two factor authentication whenever possible. Train employees to be wary of phishing attempts, to avoid clicking on unknown links, and to question changes to payment instructions. Create a disaster recovery plan for potential incidents.
If you receive an email requesting a change to account information, it’s best to contact that company using an existing number and verify the change. Taking this extra step to verify prior to conducting the transaction is important – and avoid calling phone numbers listed in emails as those can be altered!
Your banker can also help you optimize your accounts for maximum security. At SouthState, we offer products like Positive Pay, which can provide an added safety net for your peace of mind. Find out how we can help create a tailored security solution to best fit your needs.