Think your company is safe from fraud? Don’t be too sure; cyber-criminals continue to target online banking and electronic payment transactions. According to the 2016 Association for Financial Professionals (AFP) Fraud and Control Survey, nearly three-quarters of respondents said their organizations were exposed to either attempted or actual payments fraud in 2015.
Fraud committed against business bank accounts generally occurs by writing unauthorized checks, through wire fraud or through ACH fraud. With only two pieces of information – your business checking account number and bank routing number – a criminal can make a payment for goods or services either by phone or online.
How fraud originates
The usual starting point for fraud is social engineering, which is the practice of obtaining sensitive information by tricking people into breaking normal security procedures.
It’s wise to train your employees to be alert for the ways cyber-criminals target businesses. They tend to:
- Look for those who divulge passwords or other sensitive financial or personal information
- Direct you to a website to download something malicious
- Ask for remote access to your computer
- Secretly install malicious software on your computer
One of the most common strains of social engineering is called phishing, which usually involves a spammed email, phone call, voicemail or text message sent by criminals who intend to capture personal information (e.g., Social Security number, credit card information, user IDs and passwords).
Phishing emails often appear to come from legitimate sources you know, or a company you specifically do business with. In early May, a massive phishing campaign targeted Gmail users, spreading like wildfire as recipients would unknowingly click a realistic-looking GoogleDoc link, coming from a person whose name they recognized, sending the worm to all of their contacts. The sophisticated attack fooled many very vigilant recipients.
Phishing emails often contain malware that can be installed on your computer when you take the action requested in the email. These emails may also attempt to steal your banking credentials or other personal information by asking you to confirm data. Malware can cause a wide range of problems, from system disruptions to the loss of personal data or identity theft.
Your computer could also be infected when a user:
- Visits less-than-trustworthy websites (e.g., gambling, adult content)
- Downloads and installs “free” software
- Visits a website that has been compromised
- Responds to a malicious advertisement on a website
Another type of social engineering is account hijacking, whereby your email or any other account you have associated with a computing device or service is stolen. For example, an employee may receive an email that appears to be sent from a manager requesting transactions to be initiated or a change in account information. Employees should be sure to confirm via phone or in person if a change out of the ordinary is being requested.
Safeguarding electronic payments
To help protect against fraudulent wire transactions, organizations need to carefully monitor all electronic payments, especially wire activity.
Never send funds to unknown individuals. Completely understand and verify crisis or urgent requests.
If you receive an unexpected, urgent message from any known senders asking you to wire funds to them, call them at a trusted phone number to ensure they truly sent the request.
What to do if you suspect you’RE a victim of fraud or malware
Call your bank’s fraud and/or dispute hotline directly for an analysis of the situation and further direction. After calling the hotline, contact your relationship manager to make them aware of the issue. If you are unsure whether an email is an authentic message from your bank, call them right away to verify. Do not respond to the message.
If you have discovered malware on your computer, clicked a link or opened an attachment and are not sure if your computer is safe, immediately disconnect your computer from the internet and your company’s network.
Contact your bank to inform them of the malware concern and consult with a qualified IT professional to scan for and/or remove any malware and viruses. Unfortunately, depending on the type of malware, any networked computer is at risk of infection from any other computer on the same network. This is why removing the computer from the network and internet is so important.
Remember, if you or your business is a victim of fraud, it’s important that you report it to the proper law enforcement authorities. Losses are reduced, since you can prevent unauthorized transactions before they occur. Identify potential fraudulent items quickly as opposed to waiting for your monthly statement and then identifying a problem.
Jeff Taylor is vice president and relationship manager for business banking in KeyBank’s Vancouver office. He can be reached at 360.449.8059 or at jeff_w_taylor@keybank.com.
