As we enter a post-pandemic marketplace, the way companies conduct business has changed forever.
With a much greater emphasis on digital banking and transactions, plus an increased exchange of sensitive data in potentially unsecured environments thanks to remote and hybrid work, it's no wonder there has been a rise in fraud over the last two years.
For example, according to the February 2022 LexisNexis Risk Solutions Study, small- to mid-sized business lending fraud increased 6.9% since 2020. And considering that even consumers reported 70% more fraud in 2021 than in the previous year, according to a recent Federal Trade Commission study, it's safe to say that fraudsters are feeling empowered, putting both consumers and businesses at continued risk.
As companies continue to adapt to remote work processes and systems, it's more important than ever to emphasize best practices. Even the smallest lapses in security protocols, like clicking on a fraudulent link in a suspicious email or agreeing to wire money to an unverified person claiming to be a legitimate vendor, can wreak havoc.
Here's what you need to know to safeguard your business from fraudsters.
Beware of Business Email Compromise
According to the 2021 AFP Payments Fraud and Control Survey, 76% of respondents said that their companies had been targeted by BEC (business email compromise) attempts in 2020.
These fraudulent emails are intended to get the recipient to click a link, which then downloads malware onto his or her computer. Phishing can lead to serious consequences for your organization, especially if sensitive data becomes compromised.
In the worst cases, your company might be victimized by a sophisticated phishing email that implants malicious software, or "ransomware," onto your company network. This can compromise sensitive business information or confidential customer data. Other fraudsters might attempt an account takeover, where they hack into your employee's email and use an employee's credentials to authorize fraudulent payments.
Preventing business email compromise starts with training your employees to be vigilant and watch out for suspicious-looking emails. Phishing schemes have gotten more sophisticated in recent years, and the fraudulent emails might look surprisingly "official." They might even have authentic-looking logos from public health organizations.
“It's important to revisit your business' training and protocols for fraud prevention and information security. Just like we should stay up to date on the latest scams that are targeting people in our everyday lives as consumers, we need to educate our employees and help everyone stay vigilant about suspicious emails that arrive in our work email in-boxes.”
Director of Treasury Management Services for First Horizon Bank
Keep an Eye Out for Vendor Impersonation
Some fraudsters trick businesses out of their money by claiming to be legitimate vendors. These fraud schemes might contact your business by email or by phone, claiming they are one of your existing vendors and they recently got a new bank account. If you're not careful, you might be sending money to a fraudster.
"It's crucial for businesses to put good processes in place to verify vendors and payment requests via multiple means of contact," says Kasmiersky.
This is also a good occasion to take another look at your company's internal controls for processing payments. Do you have dual custody in place so that more than one person on more than one device can review and confirm payments before they go out? Do you have daily account reconciliation to help prevent or detect fraud?
"Internal controls are an important step to make sure your company is protected against fraudulent payments or vendor impersonation, but your bank can help you with another level of security," says Kasmiersky. "First Horizon offers a variety of solutions and services that can serve as an extra line of defense against suspicious transactions."
In the current landscape, supply chain disruptions and product shortages may be providing fraudsters with new opportunities to scam businesses. They could potentially ask for advanced payment to secure a shipment, when in reality, those products will never arrive.
"Businesses should exercise caution when issuing advance payment to new vendors if they don't already have a working relationship," advises Kasmiersky. "Ask to take delivery of the goods before remitting payment, or work with your bank to set up an escrow account that releases payment after the promised items are received."
Steer Clear of Wire Transfer Fraud, an Underrated Risk
Wire transfers are a less common type of transaction for most U.S. businesses, but the risk of wire transfer fraud is actually greater – in fact, it represented 39% of payment fraud in 2021. Because wire transfers happen faster – the money moves to the other bank in about one hour – fraudulent wire transfers can be especially difficult to recover.
"Talk with your bank about setting up a wire transfer agreement," says Moore. "This will give you a set of controls and procedures for initiating wire transfers so that your bank will not process a suspicious wire transfer."
For example, if your company president's email account gets hacked, a fraudster could use that email address to request a fraudulent wire transfer, Moore explains. "Many banks are hesitant to send wire transfers that are requested via phone or email; you can specify how wire transfers will be initiated in the agreement."
The bottom line? With business account fraud becoming more prevalent during COVID-19, it has emboldened criminals to look for new ways to infiltrate your business as we move into a post-pandemic reality. The good news is there are simple controls and procedures that your bank can help set up to protect your company.
Talk to a First Horizon banker to explore preventative options that can guard against fraudulent attacks against your company's bank accounts. Peace of mind is knowing you are doing all you can to keep your business and employees safe during COVID-19 and into the future.