While October’s Cyber Security Month may be over, it’s important to be aware of how to protect yourself against online scams and fraud all year round. Whether you’re an individual or a business, fraud is an issue that can have serious financial repercussions for years to come. That’s why Academy Bank has made it part of our mission to educate our valued clients and customers about these risks.
For businesses, fraud is a particularly widespread issue. In 2020, 74% of organizations were targets of payment scams. That means your chances of being targeted are quite high.
Learn more about business fraud attempts and how you can protect yourself online.
The FBI’s Internet Crime Complaint Center (IC3) gives the public a reliable and convenient mechanism to report suspected internet crime to the FBI. The FBI analyzes and shares information from submitted complaints about investigative and intelligence purposes, for law enforcement, and for public awareness.
In 2020, the IC3 received 19,369 Business Email Compromise (BEC)/ Email Account Compromise (EAC) complaints with adjusted losses of over $1.8 billion.
BEC/EAC is a scam targeting both businesses and individuals performing transfers of funds. The scam is frequently carried out when a subject compromises legitimate business email accounts. Then, they often conduct unauthorized transfers of funds.
Fraudsters have become more sophisticated over the years, which means the BEC/EAC scheme has evolved as well. In 2013, BEC/EAC scams routinely began with the hacking or spoofing of the email accounts of CEOs or CFOs, and fraudulent emails were sent requesting wire payments be sent to fraudulent locations.
Over the years, the scam evolved to include compromise of personal emails, compromise of vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector, and fraudulent requests for large amounts of gift cards.
In 2020, the IC3 observed an increase in the number of BEC/EAC complaints related to the use of identity theft. And funds were then being converted to cryptocurrency. In these variations, we saw an initial victim being scammed in non-BEC/EAC situations, including extortion, tech support and more. The victim would be asked to provide a form of ID, which went to the scammer. Then, that identifying information was then used to establish a bank account to receive stolen BEC/EAC funds and then transferred to a cryptocurrency account.
Business Email Compromise continues to be the main source of fraud attempts. Of those who reported fraud attacks at their organization, 62% reported BEC. Fraudsters are successfully infiltrating payment activity at organizations by using email to do so. Many of them have been successful in these types of scams, which unfortunately encourages them to keep trying it with different organizations.
Common types of BEC attacks include the following:
Emails from third parties requesting bank changes, payments instruction, etc.
Emails from fraudsters posing as senior executives requesting transfer of funds
Emails from fraudsters impersonating vendors.
Fraudsters are increasingly using email to con organizations’ employees into believing they are legitimate vendors, staff, senior management, and other types of trusted parties. But this can compromise organizations’ payment systems. Employees and payments staff at these companies may believe these fake emails are legitimate and transfer funds to these criminals.
Not only can some of these attacks result in organizations being adversely impacted financially. But organizations’ confidential information may also be compromised.
Especially over the past two years with more people working from home, companies have needed to adapt and put processes into place in order to mitigate the risk of fraud.
One of the best ways to protect yourself, your business, and your employees from fraud is education. In fact, 77% of financial professionals believe that educating employees on the threat of BEC and training them to identify phishing attempts are the best ways to minimize the risk of fraud. This is even more important for those who are working remotely.
Here are some policies you can implement in order to prevent and contain BEC:
Implement company policies for providing appropriate verification of any changes to existing invoices, bank deposit information and contact information
Confirming requests for any transfer of funds by executing a call back to an authorized contact at the payee organization using a phone number from a system of record (not numbers listed in an email)
Institute strong internal controls that prohibit payments initiation based on emails or other less secure messaging systems
Require authorized signoff from senior management for transactions over a certain threshold
Adopt at least a two-factor authentication or other added layers of security for access to the company network and payments initiation
Color-coded emails indicating they are external
Intrusion-detecting system that flags emails with extensions that are similar to company email (example: where “rn” could be in the place of an “m” etc.)
Prohibit or flag emails where the “reply” email address is different than the “from” email address
At Academy Bank, the safety of your personal information and financial accounts is our top priority. We pride ourselves on protecting our clients; accounts and information.
On top of taking steps to protect yourself, several of our services available for our business clients can help give you an extra level of confidence when it comes to your organization’s finances.
For instance, some of our fraud-resistant offerings include:
ACH Origination: Debit payments from customers with next-day availability to funds, streamline payroll with direct deposit, use ACH Block to stop fraudulent debit activity on your account, and quickly issue remittance through our e.Origination system.*
Check Positive Pay: Add extra protection with Check Positive Pay, our online service that prevents fraudulent checks from being debited from your account.*
ACH Positive Pay: Academy Bank offers ACH Positive Pay, which is an online fraud mitigation service that allows you to manage ACH debit transactions from posting to your business account. Help further reduce fraud by preventing unauthorized transactions on your account.
Academy Bank Has Your Back
Academy Bank is committed to you and your business. And we’ll always have your back.