Over the past couple decades, we have seen cybercrime evolve and become more sophisticated with each passing year. This is a heightened topic of discussion as more businesses have fallen victim to fraud through phishing and business email compromise. Fraud prevention is crucial, as these threats continue to be more prevalent and result in significant losses for both large and small companies. However, with proper training and awareness, you can help reduce your company’s chance of becoming the next victim.
In light of escalating cyber threats, it’s important to recognize and understand the nuances of these tactics. Phishing is when a person receives an email, call, or text appearing to be from someone you may know but is an imposter. Business Email Compromise (BEC) involves cybercriminals compromising legitimate business and personal email accounts to intercept and gain information in an attempt to transfer unauthorized funds. These are some of the many ways fraudsters attempt to gain information and trust to access your system or exploit sensitive information:
- Often, fraudsters use familiar company names to pose as someone you know, and frequently possess personal information about you to gain trust. These emails can appear to come from vendors or employees within your organization.
- These emails often look legitimate with only minor changes. They may even come from a legitimate email address, requesting actions such as wire transfer for invoices, but with changes to the routing and account number or may request sensitive information.
- Emails may ask you to click on a link to visit their website, which could contain malware and other viruses aimed to penetrate your system.
- Emails might request confirmation of wire or ACH instructions or make changes to them.
To help mitigate these risks and protect your company, consider the following:
- Does your company have a fraud prevention plan in place, including penetration testing? There are companies that can help your business through this process.
- Implement a dual-approval process, requiring two individuals to authorize electronic money transfers and review transactions.
- Make the call. The most effective way to avoid costly scams is to contact the person who sent the email directly, whether this is your banker, coworker, or vendor. Verify the transaction and the details in it. If an email was intercepted, simple changes to the account or routing number could have been made. It’s important to confirm those details.
- If you are asked to provide sensitive information that a bank typically does not ask for, hang up and call the trusted number for the organization.
- Ensure you have implemented Check and ACH Positive Pay on your business accounts. These are fraud mitigants that prevent fraudulent check and ACH transactions from clearing your checking account and are needed on all accounts, no matter the amount of activity. All accounts are at risk.
- Establish a separate wire account if you receive wire payments. This provides a distinct account number, different from the main account number. If the bank has the capability, the wire account can be set up on a one-way sweep. The sweep allows it to accept incoming wire funds and transfer them into your main account, but it does not allow funds to be transferred from the main account if someone tries to initiate an outgoing wire from the wire account. Talk with your banker to understand how the bank verifies the receipt of wire instructions.
- Consult a trusted insurance agent who will help navigate cybercrime and fraud insurance to determine what is best for your company.
- Visit FTC Business Guidance for more tips on protecting your organization from scams.
Even with the best plans, fraud can happen. In the event your company falls victim to fraudsters, we recommend the following actions:
- Contact your bank immediately. This allows the bank to start their fraud process, as time is critical.
- Contact your IT/Security Department.
- Contact your third-party fraud contractor, if you have one.
- File a complaint with your local law enforcement.
- File a complaint with the Federal Trade Commission.
- Alert your State Attorney General.
We hope your company never falls victim to fraud. However, in either scenario, it is important for you to establish trusted business partners that you can count on – during both the good times, but also when faced with challenges.
Jen Welton is Vice President, Treasury Management at Cedar Rapids Bank & Trust. Her direct line is (319) 743-7052