If you receive an email from your President or CFO asking you to wire money to a vendor, you’re going to do it, right? Or your vendor asks you to redirect an ACH electronic payment to a new bank account and the request includes a string of previous email conversations? That seems reasonable. In today’s digital world, even the most straight-forward, reasonable request requires extra scrutiny.
Payment fraud is becoming more common (and sophisticated) as fraudsters mine social media, creep into your business network, or even replicate email addresses. Once an ACH or wire has been authorized and executed, it’s often impossible to reverse. That’s why it is important for you and your staff to understand how you can protect your company, how UBT protects you, and what to do if your company does encounter fraud. We will cover all three of those in this three-part series.
How can you protect your company?
Strong IT Security
If you’ve never considered the security of your systems, start with the users and people who deal with your company’s banking. You may want to consider a separate computer used only for banking tasks. Employees who have access to your Business Banking Online should learn about phishing and spoofing. Our website has several videos you can share with these employees to help them understand what to look for. https://www.ubt.com/fraud-prevention-security/common-scams
Everyone in your company should be aware of phishing and how to spot it. Critically review emails asking you to click a link, open an attachment, or visit a site to enter your credentials - even from a trusted source. They may have fallen victim too.
Business Email Compromise (BEC) scams make an email appear to be from someone you know, when it’s fraudulent. These types of attacks have proven to be very successful because the email is coming from the account of a person you know.
A simple, effective way to protect your company is to verify out-of-the-ordinary requests using a different method of contact. A simple phone call could save your company valuable time and money.
A few simple questions can help you determine if the request is legitimate or needs further verification.
- Validate new payment instructions received via email—even if the email is internal.
- Pick up the phone and speak directly with the individual requesting a funds transfer or change to the beneficiary.
- Carefully review all payments before they are sent and validate supporting documentation.
Implementing dual-control can help further protect your company. If a criminal manages to initiate a wire or ACH, dual control will require you to approve the transaction before it’s paid. This extra step not only protects your company’s resources, but it supports your employees by preventing a simple mistake from becoming costly.
Review your accounts online frequently.
If someone gains access to your account, you may be able to identify and reverse the transaction. Most unauthorized payments must be returned immediately so consider adding positive payment systems to your account.
How can I learn more?
In addition the resources on our website and blog, we host an annual Fraud Seminar to help businesses in the community to educate their staff on current fraud and how to prevent it. RSVP to our Facebook event to be notified of the topics and when registration opens.