6 Top Business Fraud Trends to Know About
9/11/2024
A common thought amongst business owners and decision makers when discussing fraud is, “that will never happen to me.”
Business Email Compromise
While it may not be the most common in terms of number of incidents, business email compromise has the potential to be one of the most financially damaging forms of fraud. With this type, fraudsters collect data about a business, either through publicly available sources or through phishing campaigns. They will then gain access to email correspondence between that business and another entity when a wire or ACH payment is about to take place. By creating a fictitious email address with only a slight difference to the legitimate one, or gaining access to the email system itself, the criminal can pretend to be the recipient of the payment and divert funds into their own account.
Typical targets include businesses that conduct high-volume and/or high-dollar wire transactions, such as law firms or title companies. However, all businesses may be at risk. Since wire transfers transmit the funds immediately, a business can find itself on the hook for hundreds of thousands, if not millions, of dollars with a single fraudulent payment. The best way to combat Business Email Compromise is to verify payment instructions that you receive, and if they differ from past payments, make a phone call to a trusted phone number to confirm the instructions. Don’t use a phone number found in the same message containing payment instructions.
Check Fraud
A more widespread type of fraud is one that’s been around for decades. Yes, we’re talking about check fraud. While it’s surprising to many that businesses are still writing checks in our rapidly digitizing economy, check fraud has experienced a resurgence of late. Criminals have found that routing and account numbers can be obtained with alarming ease online. And with checks also being relatively easy to counterfeit or steal from the mail and then alter, the potential for success is high.
Businesses that conduct a large number of transactions on a daily basis, such as restaurants, are particularly vulnerable. Although criminals may keep dollar amounts low to avoid detection, the costs can certainly add up. Regular, timely reviews of account activity or enrolling in products like Payee Positive Pay can help to quickly identify check fraud and prevent losses.
Business Impersonation Fraud
A version of fraud widely experienced by most employees is business impersonation fraud. Falling under this category is the classic phishing attempt you may have in your inbox right now. Criminals pretend to be government agencies or legitimate businesses such as banks, credit card companies, or big box retailers. Often the request is to “verify account information,” or let you know you may have won something, with the intention of harvesting that information for fraud.
Although you can usually find a grammatical error or other irregularity upon closer inspection, there are occasions where an employee might mistakenly fall into the trap. It’s important to properly educate your teams whenever a suspicious email is going around!
Social Engineering Fraud
Social engineering fraud involves manipulating individuals into divulging confidential information. Cybercriminals use psychological manipulation, often posing as trusted figures like company executives or IT staff, to trick employees into revealing passwords, bank details, or other sensitive information. These scams are increasingly convincing and can lead to unauthorized access to company systems or funds.
To combat social engineering, businesses should regularly train employees to recognize suspicious requests, verify identities through trusted channels, and question unusual demands. Instituting strict verification processes and encouraging a culture of skepticism can greatly reduce the risk of falling victim to these scams.
Synthetic Identity Fraud
Synthetic identity fraud is on the rise, particularly as criminals exploit the vast amounts of personal data available online. In this type of fraud, cybercriminals create a new identity by combining real and fabricated information, such as using a legitimate Social Security number with a fake name and birthdate. This synthetic identity is then used to open accounts, apply for loans, and commit other fraudulent activities.
Synthetic identity fraud can be particularly challenging to detect, as it often goes unnoticed until significant damage has been done. Businesses should implement robust identity verification processes, such as multi-factor authentication and biometric screening, to mitigate the risk.
Monitoring for unusual account activity and conducting regular audits of customer information can also help identify and prevent this type of fraud.
Ransomware Attacks
The last type of fraud we will discuss is not quite as common, but very concerning in that it can be potentially crippling for its victims. This one is called ransomware. With ransomware, criminals will gain access to important systems, data, platforms, or devices within a business and shut down operations until payment is received. The consequences can be extremely serious, especially when the business is performing some type of critical function like a hospital or transportation company.
If your business has experienced a ransomware attack, we advise contacting the FBI’s Internet Crime Complaint Center (IC3) and/or your local FBI field office immediately.
How to Minimize Risk
When thinking about how to prevent business email compromise, ransomware attacks, or any other type of fraud, it’s important to remember the basics of online security. All businesses should be cautious with their systems, as well as their processes for making payments, regardless of their size. If security hasn’t been prioritized in recent months, you should consider hiring an expert as soon as possible to perform a thorough review of all systems, security solutions and processes. And be sure to follow their advice!
At a bare minimum, we recommend all businesses follow industry best practices. Changing passwords regularly and mandating dual controls for payment authorizations are just two worthwhile steps. Implement two-factor authentication whenever possible. Train employees to be wary of phishing attempts, to avoid clicking on unknown links, and to question changes to payment instructions. Create a disaster recovery plan for potential incidents.
If you receive an email requesting a change to account information, it’s best to contact that company using an existing number and verify the change. Taking this extra step to verify prior to conducting the transaction is important. Avoid calling phone numbers listed in emails, as those can be altered!
Your banker can also help you optimize your accounts for maximum security. At SouthState, we offer products like Payee Positive Pay, which can provide an added safety net for your peace of mind. Find out how we can help create a tailored security solution to best fit your needs.