Business Email Compromise Fraud
Business Email Compromise (BEC) attacks are on the rise. BEC is a form of cybercrime using email fraud to attack businesses. Across industries, companies have seen a significant increase in BEC attacks, which include emails from spoofed or hacked email accounts requesting that account information be updated by the recipient (for both vendor payments and payroll). Many times, these emails impersonate a company executive, trade partner, or other known contact. Typically, the fraudsters monitor email accounts for several months before the actual fraudulent request is presented. They monitor patterns, specific contacts, terminology, and other information.
When a request is received to update payment instructions, it is very important that the person being asked to make the change carefully reviews the request for legitimacy. It is challenging and often impossible to recover funds that are sent to a fraudulent account, so businesses should have appropriate training, policies, and procedures in place. By taking a few steps, you can mitigate this risk.
- Watch for incorrect email addresses, incorrect domains, grammatical errors, and messages that have a sense of urgency.
- We recommend that before making any account changes, you always verify the request by calling a valid phone number on record (one from your own source information, not one provided by a hacker in the email) to obtain verbal confirmation that the request is valid.
Check and ACH Fraud
In addition to BEC attempts, businesses should also be on guard against Check and ACH fraud. Checks continue to be the primary payment method most often targeted by fraudsters. Utilizing Payee Positive Pay fraud protection mitigates the risk of altered or counterfeit checks, as it validates the information presented on the check with what was issued. ACH fraud often starts with a check that is intercepted; the routing and account numbers are taken from the check and the fraudster originates an electronic debit to the compromised account. ACH Positive Pay will protect that account from any debits that are not authorized. To further reduce the risk of fraud, we encourage companies to develop a strategy to transition payments from paper checks to electronic payments.
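The following added example, which is not the bank's or any Positive Pay product's own code, shows the comparison described above: presented checks are matched against the issue file, and ACH debits against a list of authorized originators. The field names, decision strings, per-originator limit, and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Check:
    number: str
    payee: str
    amount_cents: int  # integer cents avoids float rounding

def _norm(name: str) -> str:
    # Case, spacing and punctuation differences are not alterations.
    return "".join(ch for ch in name.lower() if ch.isalnum())

def review_checks(issued, presented):
    """Compare presented checks with the issue file; return (number, decision) pairs."""
    on_file = {c.number: c for c in issued}
    paid, decisions = set(), []
    for item in presented:
        record = on_file.get(item.number)
        if record is None:
            verdict = "EXCEPTION: not in issue file"      # counterfeit or unreported
        elif item.number in paid:
            verdict = "EXCEPTION: already paid"           # duplicate presentment
        elif item.amount_cents != record.amount_cents:
            verdict = "EXCEPTION: amount altered"
        elif _norm(item.payee) != _norm(record.payee):
            verdict = "EXCEPTION: payee altered"
        else:
            verdict = "PAY"
            paid.add(item.number)
        decisions.append((item.number, verdict))
    return decisions

def review_ach_debit(originator_id, amount_cents, authorized):
    """authorized maps an approved originator ID to its maximum debit in cents (assumed rule)."""
    limit = authorized.get(originator_id)
    if limit is None:
        return "EXCEPTION: originator not authorized"
    if amount_cents > limit:
        return "EXCEPTION: over authorized limit"
    return "PAY"

# Constructed sample data (not from the article).
ISSUED = [Check("1001", "Acme Supply, Inc.", 125000),
          Check("1002", "Lakeside Freight LLC", 48050)]
PRESENTED = [Check("1001", "ACME SUPPLY INC", 125000),    # matches the issue file
             Check("1002", "J. Smith", 48050),             # payee changed
             Check("1001", "Acme Supply, Inc.", 125000),   # presented twice
             Check("2077", "Acme Supply, Inc.", 990000)]   # never issued
AUTHORIZED = {"9999000001": 500000}  # hypothetical originator ID -> limit in cents

if __name__ == "__main__":
    for number, verdict in review_checks(ISSUED, PRESENTED):
        print(number, verdict)
    print(review_ach_debit("1234500000", 20000, AUTHORIZED))
```

Items returned as exceptions are the ones a person should review before the bank pays or returns them.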
The most recent AFP (Association for Financial Professionals) survey shared some key findings related to fraud trends that many businesses are seeing.
- 65% of respondents indicate that their organizations were victims of either attempted or actual fraud activity in 2022.
- In 2022, checks continue to be the payment method most impacted by fraudulent activity. 63% of respondents report that their organizations encountered check fraud.
- 71% of organizations were targeted by Business Email Compromise (BEC) in 2022.
Steps to prevent fraud
There are steps your company can take to prevent BEC and other forms of fraud.
- Take advantage of fraud protection solutions like Positive Pay to help protect your accounts from financial losses.
- Implement internal and external procedures for payment instructions – for sending and receipt. Also, implement dual controls and approvals for additional authorization. Here are some suggested procedures:
  - Define procedures for updating information with your vendors.
  - Use verification procedures to confirm customer information is legitimate, like secondary channels or two-factor authentication (especially when they are adding new accounts).
  - Refrain from supplying login credentials or personally identifiable information of any sort via email.
  - Ensure any URLs in emails are associated with the business/individual they claim to be.
  - Perform an annual audit and review of all your customer lists and their information.
- Talk with your IT partner to ensure your security software is up to date.
- Regularly reconcile your accounts.
  - Fraud likelihood increases when businesses don’t take the time to reconcile their accounts daily. Businesses should focus on daily, or at minimum, weekly account reconciling.
- Conduct a Cyber Risk Assessment – Work with your risk management team to uncover potential risks and threats to your business.
- Purchase Crime and Cyber Insurance – Talk with your JFG Insurance advisor about the specific coverages to have in place should a breach occur.
Proactively protect your business
While BEC and forms of ACH and check fraud continue to rise, there are ways to be proactive and protect your business from financial losses. Raising awareness, taking action with your teams, vendors and clients, and putting solutions in place will save you a lot of time and money in the long run.
If you discover you are the victim of a fraud incident, immediately contact your financial advisor or treasury management consultant. Regardless of the amount lost, file a complaint with the FBI’s Internet Crime Complaint Center or, for BEC/EAC victims, BEC.ic3.gov, as soon as possible. Our team is here to help your business with fraud protection. Contact a Johnson Financial Group Advisor to discuss your options to help keep your business and finances safe.
ABOUT THE AUTHOR
VP, Treasury Management | Johnson Financial Group
As Vice President in Treasury Management, Jamie develops and maintains strong, meaningful relationships with commercial clients. She focuses on understanding their unique situation and suggesting the most suitable products and services for their needs. Additionally, Jamie strives to help clients become more efficient and reduce their risk of fraudulent activity.