Protecting Your Business from Fraud
The 2023 AFP® Payments Fraud and Control Survey reported 65% of organizations were victims of payments fraud attacks/attempts in 2022. Of those organizations experiencing attempted or actual payments fraud, 71% were victims of Business Email Compromise (BEC). BEC is a type of phishing scam in which fraudsters impersonate company officers or vendors to trick employees of the business into transferring money or turning over confidential data. Alleviating fraud should be top-of-mind for business leaders, and organizations should actively implement controls and measures to restrict the occurrence of such activity.
Business Email Compromise Examples:
- Emails from fraudsters impersonating as vendors (using vendors’ actual but hacked email addresses) directing transfers based on real invoices to the fraudster’s accounts.
- Emails from fraudsters pretending to be senior executives using spoofed email domains directing finance personnel to transfer funds to the fraudsters’ accounts.
In 2022, there was also a continued trend in Business Check Fraud. This type of fraud occurs when a fraudster intercepts a legitimate check and changes check information, or when a fraudster intercepts a business’ account/routing number and issues checks on that account.
Protect Your Accounts:
- Monitor/Reconcile your bank accounts daily.
- Enroll in account alerts/notifications in Online Banking.
- Store payment instructions in your accounting software or Online Banking templates- prevents accidentally entering the wrong payment instructions.
- Implement Fraud Prevention Tools with InBank:
- Positive Pay- Protects against check fraud.
- ACH Positive Pay- Protects against electronic transaction (ACH) fraud.
- Assign Dual Control – InBank requires two users/employees to initiate and approve outgoing transactions for ACH and Wires.
Business Email Compromise Prevention:
- Implement Multi-Factor Authentication for email.
- Urge employees to use caution in reviewing emails prior to engaging or clicking on links.
- Lock workstations when leaving unattended.
- Only email proprietary information in encrypted emails.
- Implement policy to validate all new payment instructions or a change in payment instructions for vendor payments, employee’s direct deposit, etc. to be verified by a phone call.
What if my company falls victim to BEC and sends funds to a fraudster:
- Review payment information.
- Determine if transaction resulted from a scam or an error.
- Contact the originating bank (the bank you used to initiate the transfer of funds).
- Confer with the bank about options for recovery of funds.
- Determine the source of the fraud.
- Determine if the fraud resulted in other fraudulent payments.
- Report the scope of the fraud to management.
- Notify local law enforcement and the FBI’s Internet Crimes Complaint Center (IC3).
- Determine the need to engage internal resources (Information Security, Audit, etc.).
- Perform remediation (virus scans, security audit).
- Review and update policies and procedures with compensating controls.
- Educate staff on proper procedures.
For more information on InBank’s Fraud Prevention tools or related inquiries, please contact us at Business.Support@inbank.com or 877.463.6990.