By Roxanne Chance-Chin, Bank Secrecy Act Officer and Fraud Investigations Manager at The Bank of Tampa
Businesses are tempting targets for fraudsters because they possess a wealth of information and access to capital. As business owners, it’s important to know exactly how to spot and avoid scams, so you can properly protect your assets and educate your clients. Think it can’t happen to you or your business? Sadly, no one is immune to fraud attempts.
The Scenario
Fraudsters are running an online job scam where they post jobs on popular websites looking for individuals to expand their administrative team. The individual gets paid for their administrative work by keeping a share of check payments they receive and sending the remaining to their “employer.” Except the company is fraudulent, and the checks they are depositing contain the routing and account number for your business. To make matters worse, by the time you realize that fraudulent checks were being written and deposited, thousands of dollars in losses had already occurred. How could this happen? Well, there are many ways fraudsters can get their hands on your account information and create fraudulent checks. After an investigation at your business, you learned that through a phishing scheme, a key logger was added to an employee’s computer, and when that employee communicated with your bank, fraudsters were able to capture your bank information and started manufacturing checks with your account information.
Recognizing Common Scams
Of course, the example above is just one of many schemes. We see everything when it comes to fraud attempts. Below are a few common examples of fraud:
Businesses and individuals are frequent targets of phishing schemes. According to the FBI, phishing is usually the culprit when malware (malicious software) is found on a computer. At one time, malware was most commonly placed on a computer when an individual opened an infected attachment, but today, we see fraudsters employ comprehensive social engineering plots to trick recipients into giving them information and access, enabling them to fully infect systems.
Business Email Compromise (BEC) is booming. In fact, according to the FBI, BEC scams account for billions in businesses losses each year. In BEC scams, fraudsters target businesses that frequently process legitimate requests to transfer funds (for example, they use ACH to pay vendors). Fraudsters pose as a known client or vendor by spoofing an email address and request that the business changes the account where funds are to be received. Once the funds are sent, the attacker will shut down the account or move the funds into a new account, so the business can no longer recover stolen funds.
Another common scam we see impacting businesses is ransomware (malicious software or malware), which fraudsters use to obtain access and take over a company’s website or business account by holding it for ransom. Ransomware can occur inadvertently, when it’s downloaded to a computer by clicking on an online ad or link, opening an attachment, or in some cases, going to a website where the malware has been planted. Once installed, the malware will freeze your computer and communicate the ransom. Some malware will go as far as to encrypt the files on your computer, and even other computers or devices on your home or office network.
Avoiding Scams
There are steps you can take to protect your business and your clients from fraud attempts. Proper security software should always be updated on employee’s phones and computers. Additionally, you should train your employees (and clients) on fraud detection and prevention, as they are usually the first line of defense against scams. The Bank of Tampa encourages businesses to implement protocols and verification processes aimed at discovering fraud attempts early and stopping them before they occur.
For example, one of the best ways to prevent check fraud is to use a service known as Positive Pay. Through Positive Pay, you proactively notify your financial institution of checks issued, allowing them to confirm transactions when presented for payment. Without Positive Pay, unauthorized items are often identified during reconcilement, long after the funds have been stolen. Recovery opportunities can vary dramatically based on timely reporting and other factors.
Reporting Scams
If you believe your business has been a victim of a scam, notify your financial institution and local law enforcement immediately. You may also report Business Email Compromise to the FBI via their website: www.ic3.gov.
About the Author
Roxanne Chance-Chin serves as BSA Officer and Fraud Investigations Manager at The Bank of Tampa. Chance-Chin has more than 20 years of banking experience, fifteen of which have been specifically focused on bank regulations and governance. Chance-Chin holds a Bachelor of Science in technology management. Additionally, she holds the Certified Anti-Money Laundering Specialist (CAMS) designation, as well as the Financial Intelligence Specialist (FIS) designation. She is also a graduate of the Tampa Homeland Security Investigations Citizens Academy.
The Bank of Tampa | Member FDIC