Protect Your Business from the Latest Fraud Trends

man using a laptop computer

It seems like every day there’s news of the latest fraud impacting businesses. It can feel like your business’s reputation and finances are on the line daily. 

Keep an eye out for these growing threats to learn how to better protect your business. 

Vendor Compromise 

This type of fraud falls under the Business Email Compromise umbrella. It starts with a fraudster infiltrating a legitimate vendor’s email system. Once inside, they monitor activity to identify financial transactions and communication patterns. When they’re ready, they send fraudulent invoices and/or updated payment instructions to the business’s contacts. 

They rely on the trust that vendors build with their clients to trick them into sending funds to the fraudulent accounts. 

A church lost over a million dollars after scammers compromised the email for the construction firm they contracted for repairs. The fraudsters used the company’s email to send new payment instructions. Once the church wired the money to the fraudulent bank account, it was unable to be recovered.

Tips for protecting your business from Vendor Compromise: 

Always verify payment requests using a known and trusted contact method before processing transactions – even for vendors you know and trust. If you receive an email, call the vendor using a phone number that you are familiar with from prior communications and never use phone numbers from an email. Once you call the vendor and speak with a familiar person, confirm all the details of the ACH and/or wiring instructions. 

Account Takeover (ATO) 

On the most basic level, account takeover occurs when criminals gain unauthorized access to accounts. While ATO scams don’t exclusively target financial accounts, when they do, it can result in major losses. 

There’s no single tactic scammers use to initiate these scams. They may use phishing emails or malware. They may also initiate credential stuffing attacks, where login credentials compromised in other breaches are used to access a different account. No matter how they gain access, once inside, fraudsters initiate unauthorized transactions, modify payment details, and add new users within online banking. They may even block you from accessing your own account. 

An online financial service provider reported that hackers broke into some customer accounts using login information stolen from other sites. The scammers had access to users’ sensitive personal and financial data.2 

Tips for protecting your business from ATO: 
  • Use strong, unique passwords for all your accounts. 
  • Enable multi-factor authentication. 
  • Monitor your account activity for any suspicious transactions. 

Phone Spoofing 

This scam goes hand in hand with imposter scams. Fraudsters manipulate caller ID systems to make it appear that calls are coming from legitimate businesses – including banks. 

When you pick up, the caller claims to be a representative of the organization they are impersonating. They often create a sense of urgency to pressure you into action. They may ask for account credentials, card details, or other sensitive information. 

A small business owner lost over $50,000 to a bank imposter. The scammer’s number appeared as the bank on her caller ID, and they even provided her entire credit card number. In the end, they tricked her into revealing her online banking credentials and stole nearly all the money in her checking account.

Tips for protecting your business from Bank Imposters: 
  • Be cautious when receiving unexpected calls, especially about financial matters. 
  • Instead of responding immediately, hang up and call back to a verified phone number. 

If you disconnect a call from a real bank employee, don’t worry! We appreciate your caution and look forward to you calling us back. 

As fraudsters become more sophisticated, businesses in our community and across the world need to stay informed and take action. If you suspect fraudulent activity, please report it to your local branch immediately. 

 

Sources: 

  1. 24 Real Examples of Business Email Compromise (BEC) 
  2. Intuit notifies customers of compromised TurboTax accounts 
  3. Small business owner loses over $50,000 to a bank imposter