October was Cyber Security Month
. But just because it’s November doesn’t mean you shouldn’t be aware of how to protect yourself from online scams and fraud -- all year round. As a business, fraud can have serious financial consequences for years to come, and Armed Forces Bank is committed to educating our valued clients and customers about the risks.
In fact, fraud is, unfortunately, a widespread issue for businesses. In 2020, 74% of organizations were targets of payment scams. That means your chances of being targeted are quite high.
Learn more about business fraud, what it looks like, and how you can protect yourself online.
How Has Business Fraud Evolved?
The FBI’s Internet Crime Complaint Center (IC3) gives the public a reliable and convenient mechanism to report suspected internet crime to the FBI. The FBI analyzes and shares information from submitted complaints for investigative and intelligence purposes, for law enforcement, and for public awareness.
According to the IC3, they received more than 19,000 Business Email Compromise (BEC)/Email Account Compromise (EAC) complaints in 2020. The adjusted losses were more than $1.8 billion.
BEC/EAC is a type of scam
that targets both businesses and individuals, particularly around the transfers of funds. A subject will compromise legitimate business email accounts; then, they will conduct unauthorized transfers of funds.
Over the years, the scams have become more sophisticated. And the BEC/EAC schemes have evolved as well. Back in 2013, these scams often started with the hacking or spoofing of the email accounts of CEOs or CFOs. Then, fraudulent emails were sent requesting wire payments be sent to fraudulent locations.
These days, the scam has evolved to include compromise of personal emails, compromise of vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector, and fraudulent requests for large amounts of gift cards.
The IC3 reported an increase in the number of BEC/EAC complaints related to the use of identity theft in 2020. And cryptocurrency is now part of the scheme as well. An initial victim would be scammed in a non-BEC/EAC situation, including extortion, tech support and more. Then, that victim would be asked to provide a form of ID, which went to the scammer. That identifying information was then used to establish a bank account to receive stolen BEC/EAC funds and then transferred to a cryptocurrency account.
What Business Email Compromise Looks Like
Of those who reported fraud attacks at their organization, 62% reported Business Email Compromise. This means it continues to be the main source of fraud attempts.
Common types of BEC attacks include the following:
- Emails from third parties requesting bank changes, payments instruction, etc.
- Emails from fraudsters posing as senior executives requesting transfer of funds
- Emails from fraudsters impersonating vendors.
Fraudsters are increasingly using email to con organizations’ employees into believing they are legitimate vendors, staff, senior management, and other types of trusted parties. But this can compromise organizations’ payment systems. When they do such a good job of disguising themselves, employees and payment staff at these companies may believe these fake emails are legitimate and transfer funds to these criminals.
And on top of these attacks impacting organizations financially, they also put their confidential information at risk.
Especially over the past two years with more people working from home, companies have needed to adapt and put processes into place in order to mitigate the risk of fraud.
Protecting Your Business From Fraud
One of the best ways to protect yourself, your business, and your employees from fraud is education. In fact, 77% of financial professionals believe that educating employees on the threat of BEC and training them to identify phishing attempts are the best ways to minimize the risk of fraud.
Here are some policies you can implement in order to prevent and contain BEC:
- Implement company policies for providing appropriate verification of any changes to existing invoices, bank deposit information and contact information
- Confirming requests for any transfer of funds by executing a call back to an authorized contact at the payee organization using a phone number from a system of record (not numbers listed in an email)
- Institute strong internal controls that prohibit payments initiation based on emails or other less secure messaging systems
- Require authorized signoff from senior management for transactions over a certain threshold
- Adopt at least a two-factor authentication or other added layers of security for access to company network and payments initiation
- Color-coded emails indicating they are external
- Intrusion-detecting system that flags emails with extensions that are similar to company email (example: where “rn” could be in the place of an “m” etc.)
- Prohibit or flag emails where the “reply” email address is different than the “from” email address
How Armed Forces Bank Helps Protect You
At Armed Forces Bank, we pride ourselves on protecting our clients, accounts, and information. Be assured that the safety of your personal information and financial accounts is our top priority.
On top of taking steps to protect yourself, several of our services available for our business clients can help give you an extra level of confidence when it comes to your organization’s finances.
For instance, some of our fraud-resistant offerings include:
ACH Origination: Debit payments from customers with next-day availability to funds, streamline payroll with direct deposit, use ACH Block to stop fraudulent debit activity on your account, and quickly issue remittance through our e.Origination system.*
Check Positive Pay: Add extra protection with Check Positive Pay, our online service that prevents fraudulent checks from being debited from your account.*
ACH Positive Pay: This online fraud mitigation service allows you to manage ACH debit transactions from posting to your business account. Help further reduce fraud by preventing unauthorized transactions on your account.
Armed Forces Bank Has Your Back
Armed Forces Bank is committed to serving those who serve. And you can count on us to have your back.