Cybersecurity and fraud prevention are now essential to every business. The impact of fraudulent activity is staggering. In fact, according to Juniper Research, cybercrime resulted in $2 trillion in losses in 2019, with an estimated $6 trillion per year by 2021¹. Although businesses of all sizes are at risk, it’s estimated that half of all cyberattacks are made against small-to-medium-sized businesses. “Business cybersecurity and fraud schemes are here to stay and, unfortunately, criminals are only getting more sophisticated,” said Jon Moen, CTP, Senior Vice President, Director of Product, and previous Director of Treasury Management for First Bank. “It’s important to be prepared, educate your teams, and invest in the latest technological resources.”
Although there are many fraud schemes, three types resulting from Business Email Compromise (BEC) are currently impacting businesses at an alarming rate: executive, vendor, and payroll fraud. According to the 2019 AFP Payments Fraud and Control Report, over 80% of organizations experienced business email compromise.
Executive Fraud Scam
“The fraud scheme involving an executive is where the criminal hacks into the email accounts of a CEO or manager,” he explained, “and gains access to emails, contacts, personal identifier details, employee information, and calendar events.” This information is then used to gather intelligence that can be exploited to compromise a business from the inside, including by asking an employee to make fraudulent wire transfers. “For instance, if a senior executive is out of town and his email account was compromised, the cybercriminal can fictitiously email an employee to say things that only the manager would have known, including where he’s traveling to or from,” he said. “There’s often a sense of urgency in the email and, of course, they indicate to keep the wire transfer confidential. They’ll use many excuses to persuade the employee to do so. Sadly, once the fraudulent wire transfer is made, that money is gone.”
Vendor Fraud Scam
This same type of malicious behavior can also compromise a vendor email, requesting that payments be re-routed or changed. “Cybercriminals are now hacking into a company’s email account, creating false invoices, and then sending them out to their contacts,” he explained, “requesting that payment be sent to a new address or account number.”
Payroll Fraud Scam
Much like the other fraud schemes, payroll fraud involves hacking into a personal or business email account, posing as an employee, and requesting that the employee’s direct deposit payroll be re-routed to another bank or account number.
To help prevent fraudulent scams from impacting your business or organization, Moen stressed the importance of ongoing education with all of your employees, regardless of their role or title.
“Educate your staff on what to look for in both phishing and fraudulent emails,” he said. “Consider establishing a company policy requiring employee verification for all payroll changes and implementing dual controls on all wire transfers.” He suggested that business owners consider developing a system to indicate if an email is coming from an internal or external source. Moen stressed the importance of using caution and staying alert for all business email compromise scams. “Other fraudulent crimes, like check fraud, are also still impacting businesses,” he said. “Using technology, education, and all of the tools available, such as First Bank’s Positive Pay, can help in the fight against fraud for your business.”
¹Forbes, The True Cost Of Cybercrime For Businesses
²2017 AFP Payments Fraud and Control Survey