Today's cybercriminals and fraudsters are more sophisticated and innovative than ever, often capitalizing on times of transition and uncertainty. Business leaders should understand their companies' exposure and the best practices that reduce the potential for their organization to fall victim to financial account fraud and scams.
Take fraud and scams seriously. Leaving accounts vulnerable to attack can impact your organization financially and reputationally. Fraud awareness and proactive preventive measures can go a long way toward stopping fraudsters in their tracks. Read on to learn more.
Common Business Fraud Events
Falling victim to scams can result in significant financial losses, not to mention the time and energy spent coordinating with employees, customers, vendors, insurers and your bank. Here are some common business fraud events to keep in mind:
Ransomware
Ransomware attacks are common exposures. A scammer attacks a business database, typically through encryption malware that freezes its information. The organization can't access any accounts, and the scammer sends a ransom request (e.g., "Pay us X amount and we'll release the lock").
Check Fraud
The Association for Financial Professionals reported that 63% of organizations faced check fraud in 2022, and this remains one of the most persistent financial account scams. The fraudster steals a check and has access to account information, or manipulates the information on the check to change the payee and amount.
Social Engineering
More sophisticated actors are turning to email phishing scams where they commandeer an executive's emails, often when they're out of state or overseas on business. The scammer uses that opportunity to email a chief financial officer or the accounts payable department and asks them to rush setting up and sending a new wire for a fake business deal.
Vendor Hacking and Impersonation
Another common business fraud occurs when a hacker gets vendor account information and changes or manipulates invoices. Similarly, a scammer could impersonate a vendor and send an organization a fake invoice. These scammers often email or call at the end of the week or right before a holiday weekend to take advantage of a pre-vacation rush when guards tend to be down.
Phishing Attacks
With a phishing attack, the scammer emails an organization to trick recipients into thinking a message is valid. In a typical example, the victim believes the email comes from a legitimate bank or vendor requesting account information or a funds transfer, so they process it without looking closely. According to the FBI, victims of business email compromise saw adjusted losses of over $2.7 billion in 2022.
What to Do if Your Business Has Been Compromised
With the fast pace of business, increasingly innovative scams, and many employees both remote and in-office, it sometimes feels impossible to catch fraud before it's too late. If a scammer has victimized your organization, take these steps:
Contact Your Bank
If you're worried about fraud, contact your banker immediately. In addition to providing guidance, they can freeze accounts, hold transfers and help recover the funds.
Also talk with your banker about products and consultative services that help to ensure your business has strong fraud prevention processes in place. At Eastern, Positive Pay services assist in fraud prevention, ancillary tools such as alerts help to ensure you are promptly notified of suspicious activity, and Automated Clearing House (ACH) provides you with the capability of electronically originating transactions via a secure platform.
Call Your Insurer
If you have cyber insurance for your business, your insurance carrier has many resources to assist, including counsel, to help guide you. They can provide experts to review your systems and perform the forensics and cleanup immediately. And sometimes the insurer will assist you and counsel with reporting any threats to local, state and federal authorities.
If you identify a threat, notify your insurer as soon as possible. Once involved, a cyber insurance carrier can help to contain the risk. They may be able to help identify threat actors and unlock details without compromising your information.
If you are a homeowner, contact your homeowner’s insurance provider.
Report the Crime to the Authorities
If you do not have cyber insurance, contact the police to file a report and the FBI to register a complaint.
Let Other Parties Know
Alert customers and vendors, especially if their personal or business information has been compromised.
Best Practices for Business Fraud Protection
A proactive fraud-informed cash management plan, coupled with training, can help reduce the potential for your organization to fall victim to financial account fraud and scams. Here are a few best practices to help improve business fraud protection:
Create a Culture of Verification
Frequent education about scams, including the newest industry resources and training, can go a long way. This helps create a culture where employees are comfortable highlighting potential red flags and taking extra precautions to verify emails, transactions and requests.
Develop Strict Policies
Set policies about payment procedures in your company and with vendors. Spell out what isn't allowed, such as accepting payment changes or even initial payment instructions via email, and require a call to verify.
Implement Additional Controls
Many organizations implement dual control systems on both the setup and authentication of those verifying and approving payment information. You may also want to reduce the number of checks sent and transfer to ACH instead.
Combat Check Fraud
A separate checking account to isolate check activity makes it easy to cancel checks and close the account if you've been the victim of check fraud. Utilizing your bank's Positive Pay program can also help prevent and flag fraud.
Practice Sound Financial Hygiene
Monitor accounts payable and accounts receivable daily; waiting until the end of the month may be too late. Additionally, implement backups, follow strong password practices, avoid giving all users the same account access and consistently review activity.
Speak With Your Insurer
Understand the types of cyber coverage available and the potential limitations you may need to address. Your insurer may perform a threat assessment to determine potential risk areas and recommend security improvements.
Reach Out to Your Banker
Building a personal relationship with your banker is important. If you need support monitoring your accounts, ask your banker what systems or reporting they can help implement to make it easier to stay vigilant.
Secure your business against fraud and scams. Connect with the Eastern Bank Commercial Banking team to learn how to best protect your organization. Get in touch with us today.