Protect Your Business From Cyber Fraud
Cyber criminals continue to find new tactics to commit fraud and steal from businesses. The Association of Certified Fraud Examiners' (ACFE) 2014 Global Fraud Study revealed that companies lose 5 percent of revenues each year due to fraud. This translates to losses of approximately $3.7 trillion globally. In addition to lost revenue, there are also indirect costs, such as low employee morale, decreased productivity, ruined reputations and tarnished brand images.
Both large and small organizations fall victim to occupational fraud, the ACFE found that companies with fewer than 100 employees are particularly vulnerable as they were less likely to have anti-fraud controls to detect fraud sooner. Larger companies were more likely to have anti-fraud practices in place including hotlines, employee fraud training and internal departmental audits. Despite these efforts to combat fraud, large companies still fall victim to fraud every day.
Fraudsters are targeting companies posing as executives to request fraudulent wire transfers via e-mail. Impostors are using high tech methods to hijack the e-mail accounts of CEOs, CFOs and other high level executives in order to monitor the activity of the organization and learn the patterns and behavior unique to the company over an extended period of time. Once they have gathered enough information to sound genuine, the fraudster poses as the executive to send fraudulent, yet highly plausible, wire transfer instructions to employees that are unaware that the e-mail account has been compromised.
A new twist on the business email compromise hack is targeting businesses with an email from a supplier informing the business the payment instructions have changed and they should update the wire instructions and send the wire to X bank with a new account number and the same company name. The request appears legitimate and the business complies, updating the systems to send the payment to the new bank and account as requested. What they don’t realize is the email was not sent from the supplier and the business has not only lost the money they sent, but they also still owe the original supplier.
Attacks such as these can be prevented by implementing internal processes for verifying and authenticating wire transfer and ACH requests. As with other types of fraud, there are several variations and ways wire transfer imposter fraud is perpetrated. The best way to protect any business is to:
- Educate staff about potential fraud situations like the examples shared in this article.
- Enforce a strong accounts payable policy, wire transfer policy, and verification process, including dual controls where possible.
- Monitor bank accounts daily for any suspicious activity.
- Implement Positive Pay and ACH Blocks on accounts to protect against check and electronic payment fraud.
- Consider having separate accounts for paper payments and for e-payments.
- Telephone your supplier to verify any change to payment instructions received via fax or email.
With the proper amount of protection and a healthy perspective on trends, businesses can protect themselves from these types of fraud. Research shows that fraud is indiscriminate of employer size, industry or geography, so it’s imperative to take proactive steps to prevent and mitigate the effects of fraudulent activity.
Working with your bank as a partner to implement best practices and using the latest in Treasury Management products can be an important first step in protecting your business from fraudulent attempts.
If you experience difficulty logging in, suspect unusual activity, or encounter any other issues, immediately contact the Treasury Management team at 563.468.5602.