
When it comes to safeguarding your financial assets, you can never be too careful. After all, one wrong move could put your company’s information at risk or even compromise your devices. Fortunately, there are several measures you can take to protect yourself and your business from common bank scams.
The first steps include educating yourself on potential red flags and minimizing your risk by taking proper security precautions. At Riverview Bank, we believe in arming our clients with the tools they need to secure their financial futures, both personally and professionally. With the right amount of know-how and a few simple steps, you can reduce your risk and save yourself from making costly mistakes.
Recognizing Common Bank Scams
Business Email Compromise
According to the Federal Bureau of Investigation, business email compromise (BEC) is one of the most financially damaging online crimes. BEC entails a fraudster spoofing or compromising the email account of a known individual within the company, such as a corporate executive, or outside the company, such as a frequently used vendor. There may be a slight variation in the email address that goes unnoticed, making the email appear legitimate. In both cases of BEC, the bad actor will use the email to make a request that you change something important, hoping that you do not confirm the change through a trusted contact.
If employees fall victim to this type of scam, the losses can be substantial. For example, one Connecticut business lost more than $5 million to a BEC scheme. Though the company acted quickly, and some of the money was eventually recovered, the business still took quite the hit—showing that even a minor oversight can lead to major damages.
Ensure you have proper procedures to confirm, outside of email, any abnormal requests, which may include payroll, invoice, or billing account changes.
Phishing Attacks
In a phishing attack, a scammer poses as a legitimate business to reel you in and trick you into revealing sensitive information. They’ll sometimes use a sense of urgency to get you to take the bait and fall for the ploy, hook, line, and sinker.
For example, a scammer may pose as a bank by spoofing a legitimate phone number to call you with. They fabricate an urgent incident, possibly flagging fraudulent activity on your account that does not exist, and ask you to click on a link to update your login credentials. When you do, you’re taken to a malicious website that steals your personal information, such as passwords or credit card numbers. Scammers may also contact you by phone, known as vishing, or through text message, known as smishing.
These malicious links may also contain malware that automatically installs itself when your device connects, allowing it to monitor your device for other credentials and for any activity you perform.
Phishers may also instruct you to connect to unrelated websites so that they may "help" you directly. In reality, they are using a "remote access tool" that allows them to view and take control of your device.
A North Carolina business owner became the target of a smishing scam when he received an urgent fraud alert text from what he believed to be his bank. Once he replied, the scammer called him from a number that appeared to be his bank’s number and convinced him to send two Zelle payments totaling thousands of dollars. Unable to recover the money, he shared his story in hopes of preventing others from making the same costly mistake.
If you are ever unsure about a communication you receive, please hang up and call us directly to confirm you are talking with authorized personnel (Client Services line: 800-822-2076).
Phony Invoices
It’s common for businesses to receive invoices from vendors or independent contractors, but be careful—it’s possible that not all these invoices are legitimate. Scammers often send invoices for products or services that a company never ordered, hoping that the person paying the bill isn’t paying attention.
In some instances, employees themselves may be in on the scam. Hospitality brand Cipriani sued two of its executives and a longtime vendor, claiming the executives received kickbacks from the vendor for approving false, inflated, or duplicate invoices. The brand claimed it lost millions in the decade-long scheme and alleged that the executives pocketed several million dollars of the lost funds.
Wire Transfer Fraud
Scammers often ask for money to be sent via wire transfer because it’s virtually the same as sending cash. It can be very difficult to reverse these funds or recover stolen money once it’s in the fraudster’s hands.
One Kansas-based business experienced wire transfer fraud after receiving a transfer request from a legitimate business. As it turns out, the fraud was the result of a BEC scam. The company’s email account was hacked, allowing the scammer to send a fraudulent request from the company’s actual email account.
The county district attorney issued a warning following the incident, urging local businesses to verbally confirm all transfer requests. Rather than relying strictly on email for wire transfer approvals, he advised calling a known and trusted contact at the company to verify the transfer request by phone.
Implementing a clear protocol for wire transfer approvals (such as dual authorizations from two separate employees), along with proper checks and balances, may reduce your risk of losing money to this common scam.
Tips for Protecting Your Business
Familiarize yourself with the best ways to guard against common bank scams. Here are a few tips to help you get started:
Multi-Factor Authentication
Multi-factor authentication adds an extra layer of protection to your accounts. Rather than simply logging in with a username and password, you’re required to provide at least one other form of verification before accessing a secure account.
For instance, when you log into a site using your credentials, you will receive a notification on your phone containing a passcode. This code will also be required to access the account. It’s important to read the entirety of the text and to note that you should never give this code out to anyone, not even if the person asking says they’re contacting you from your bank.
According to the Cybersecurity and Infrastructure Security Agency, enabling multi-factor authentication on your accounts makes you 99 percent less likely to be hacked.
Ongoing Employee Training
Stay ahead of bank scams through ongoing education and employee training. Ongoing training teaches employees how to spot red flags, like slight variations in links or email addresses that appear to come from a trusted source—a common tactic used in phishing attacks.
In fact, one former Kentucky State Treasurer credited cybersecurity training with helping her office stop a fraud attempt that would have cost millions in taxpayer dollars. While the sophisticated scam appeared legitimate, office staff recognized something wasn’t quite right and put a stop to the attempted fraud.
Positive Pay
Positive Pay saves your business both time and money by reducing the risk of fraudulent activity. With Positive Pay, you can submit information to your financial institution regarding issued checks and authorized ACH transactions. When a check or transaction doesn’t match the provided information, it will be flagged as an exception item. You then have the ability to approve or decline the payment—significantly reducing your risk of check and ACH fraud.
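The matching step behind Positive Pay can be sketched as follows. This is an added example, not Riverview Bank's implementation: it covers checks only (not ACH), and the fields compared (check number, amount, payee) and all sample data are constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Check:
    number: str
    amount: Decimal
    payee: str

# Constructed sample data: the issued-check file and the items presented for payment.
ISSUED = [Check("1001", Decimal("2500.00"), "Acme Supplies LLC"),
          Check("1002", Decimal("480.75"), "Northside Printing")]
PRESENTED = [Check("1001", Decimal("2500.00"), "ACME SUPPLIES  LLC"),
             Check("1002", Decimal("4800.75"), "Northside Printing"),
             Check("1001", Decimal("2500.00"), "Acme Supplies LLC"),
             Check("1003", Decimal("900.00"), "J. Doe")]

def norm(payee: str) -> str:
    """Compare payees without regard to case or spacing."""
    return " ".join(payee.upper().split())

def reconcile(issued, presented):
    """Return (paid, exceptions); each exception is (check, reason) awaiting a decision."""
    register = {c.number: c for c in issued}
    cleared = set()  # check numbers already paid once
    paid, exceptions = [], []
    for item in presented:
        on_file = register.get(item.number)
        if on_file is None:
            reason = "check number not in issued file"
        elif item.number in cleared:
            reason = "duplicate presentment"
        elif item.amount != on_file.amount:
            reason = f"amount {item.amount} differs from issued {on_file.amount}"
        elif norm(item.payee) != norm(on_file.payee):
            reason = "payee differs from issued file"
        else:
            cleared.add(item.number)
            paid.append(item)
            continue
        exceptions.append((item, reason))
    return paid, exceptions

if __name__ == "__main__":
    paid, exceptions = reconcile(ISSUED, PRESENTED)
    for check, reason in exceptions:
        print(f"EXCEPTION check {check.number}: {reason}")
```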
Real-Time Updates
Regular account monitoring helps you spot anything out of the ordinary so you can act quickly. Automate account monitoring by setting up real-time alerts. When your bank detects irregular activity, you’ll be notified right away so you can take immediate action.
If you’re interested in learning more ways to keep your business banking secure, reach out to the Business Banking team at Riverview Bank. We understand the care you’ve taken in starting and growing your business. That’s why we’re committed to guiding you in protecting what you’ve worked so hard to build.