By Edward Kraemer, Senior Vice President, Chief Information Security Officer
Small business financial fraud is on the upswing in the U.S. According to PwC, opens in a new window38 percent of small businessesopens PDF file experienced fraud in the last 24 months, with one in four reporting a $1 million loss. Wire transfer fraud is up considerably in small- and medium-sized businesses because they are a target-rich environment. And, with cyber security risks commanding the attention of small businesses, many have neglected the threat of old fashion check fraud, which opens in a new windowcost U.S. businesses nearly $20 billion in 2021.
To prevent financial fraud, businesses must be their own first line of defense, starting with recognizing the potential for fraud and then taking measures to minimize the threat.
What is Wire Transfer Fraud?
Wire transfer fraud occurs when fraudsters gain access to your bank account information, enabling them to remove funds electronically from your account. Scammers employ many methods to steal bank and other account login information. Email phishing or Business Email Compromise (BEC) is the most common. The scammer sends an email made to look like it’s coming from a legitimate source, such as a vendor, financial institution, or even a colleague. The fraudulent email can take the form of an account alert, payment request, request for information, or something else that appears legitimate, and includes an urgent call to action that directs you to a genuine-looking website where you are invited to log in using your personal account credentials. The phisher captures your personal information at that point, so they can later impersonate you on your bank’s actual website and proceed to drain your funds or spend your money.
You can reduce the likelihood of success of any financial fraud initiated against you. Education is the key – educating your employees on the risks, vulnerabilities, and, specifically, what to look for before executing a wire transfer.
Watch for phishing expeditions: Closely scrutinize emails for inconsistencies in email addresses, domain names, and salutations. If anything appears remotely suspicious, call a phone number you trust and talk with someone familiar to confirm a transaction you’re unsure about.
Be cautious of urgent calls to action: Be suspicious if you are urged to make a quick decision. Scammers typically try to inject a sense of urgency into their emails to spur an immediate response.
Verify email requests: Sometimes, an executive’s or vendor’s email account is compromised, making scam requests appear to be from a legitimate source. Always contact a transfer recipient by phone to verify the request. Consider it a red flag if you are unable to reach them.
Enable security features: Use multi-factor authentication when transmitting or storing bank account information. Also, make sure you have a firewall installed for all information portals.
Take immediate action: If you think a scammer has victimized you, contact your financial institution immediately and request that it contact the recipient’s financial institution.
Don’t Neglect the Threat of Check Fraud
Despite a steady drop in paper check payments, check fraud remains businesses’ opens in a new windowmost vulnerable payment method. With advanced printing technology, fraudsters can more easily create counterfeit checks, giving them access to your account.
While there is no way to completely prevent check fraud from occurring in your business, there are a few steps you can take to minimize the threat, including:
Tighten internal controls by eliminating the opportunities for internal fraud. That could include locking up blank checks, separating employee functions, creating dual controls, and close account monitoring.
Use caution when mailing checks. Never use public mailboxes when sending checks. Always drop them at the counter or a drop box inside the post office.
Closely monitor your accounts. Losses from check fraud can be prevented with early detection. The more time passes after a check clears your account, the more difficult it is for banks to recover lost funds.
Use positive pay. The most effective way to avoid financial losses due to check fraud is to not allow fraudulent checks to be paid from your account. Positive pay is a cash management service that enables the business to upload lists of valid checks when they are issued and will flag any checks that aren’t on the list for validation before they are paid.
While businesses need to be proactive in preventing fraud, your business bank can be your fraud prevention partner, using sophisticated cash management tools to help you monitor and detect it before it’s too late.
The writer is Senior Vice President and Chief Information Security Officer at Burke & Herbert Bank.