By Loretta Carlson, Senior Vice President & Treasury Management Officer
Scammers are finding more creative and sophisticated ways to hack into online systems to steal money and sensitive information from businesses. Earlier this year, security researchers discovered that a database of about 26 billion records had been leaked to the dark web in what has become known as the “mother of all breaches”. While high-profile data breaches such as this often receive the most media attention, there are a variety of other common scams businesses and their customers fall victim to that don’t receive as much coverage. According to the Consumer Sentinel Network, over 850,000 imposter scams took place in 2023 that collectively robbed people of $2.7 billion.
Business owners face many unique challenges in a society that continues to become more digital and technology-dependent. The stakes are high when it comes to successfully running a business, and the last thing you need is for a scammer to come along and damage your company’s infrastructure.
Types of Scams Every Business Needs to Be Aware of
Summer is a prime time for scammers to take advantage of businesses. A common method is an account takeover (ATO), where criminals take control of business accounts while the primary account holders are away, often on vacation. Fraudsters lie low and closely monitor email communications between associates so they can learn the business’s activity and figure out who’s who in the organization and how they interact. When the right opportunity comes, they dive in and take control of funds. In 2023, scammers stole over $2 billion through bank transfers or payments and wire transfers.
Companies can also face significant financial losses in what’s called a business email compromise (BEC), also known as an email account compromise (EAC) or phishing scam. In this situation, criminals will impersonate associates, colleagues, vendors, etc. to make a “legitimate” request for funds to use for business purposes. The objective is to swindle people into transferring money or giving away sensitive information such as passwords or bank account numbers. In many cases, scammers are able to steal hundreds or even thousands of dollars.
Fraudulent phone calls, also referred to as voice phishing or vishing, are another way criminals target people. In business settings, they often impersonate a customer or vendor to trick an employee into giving up money or personal information. Scammers are even using AI voice cloning tools on recorded snippets of people’s voices, and a few seconds of audio is all they need for their fraudulent purposes. To protect people in your company from falling victim to this trick, tell them to always let the caller speak first when they answer a call from an unknown number.
Important Precautions Every Business Should Take to Protect Themselves
Employee actions create the greatest risk, so make sure you implement proper training and procedures. There are so many different ways for scammers to infiltrate your business, so it’s crucial to keep everyone on the same page.
Online Security Precautions
We all love the efficiency of communicating by email. As busy professionals and business owners, our days are stacked, and we don’t always have time for a meeting or a phone call. Email allows us to complete important tasks faster, but it’s also a common way for scammers to steal information and hack into our systems. Make it company policy not to click on links or open attachments unless they are expected or have been verified first. Require employees to avoid sending sensitive information like wire instructions or account numbers via email unless it is encrypted. Use SFTP (SSH File Transfer Protocol) or a secure file transfer portal when possible.
If your employees receive sensitive information, make it a policy for them to place a phone call to the sender using the number you have on file (not the one in the email, as this could be the fraudster’s number) to verify the sensitive information. Many scams can be avoided by simply picking up the phone to speak with a live person.
Provide cybersecurity training to your employees often and hire a company to test them by sending them suspicious emails. Their responses can help you validate the effectiveness of the training. It’s also critical to require employees to create strong passwords. The longer and more complex a password is, the better.
Implement dual control on account transactions, where one person initiates a transaction and a second approves it. Don’t allow your employees to access business data using a public computer, as that is one of the common ways scammers can hack into your system. Train employees to always check the sender’s email address, particularly if an email pertains to a payment request or other financial matters. Fraudsters can change one or two characters and open someone up to a fraud scheme.
Additional Cybersecurity Measures
These simple but powerful steps can go a long way in warding off scammers:
- Safeguard your internet connection by encrypting information and using a firewall. If you have a WiFi network, make sure it is secure and hidden.
- Install antivirus software on all computers and update it regularly. Also install software patches regularly.
- Update all operating systems, web browsers and other applications to help secure all business data.
- Make sure your employees are using secure file transfer or encrypted email rather than standard email for sensitive communications. Encourage them to use self-service features such as "forgot password" rather than having IT staff reset passwords directly.
- Implement multi-factor authentication and policies around remote work and device usage.
- Prevent unauthorized individuals from accessing business computers. Employees should have access to only the information they need, so make sure administrative privileges are given only to trusted IT staff and key personnel.
- Regularly back up data on all computers, which is crucial for preventing data loss that can occur as a result of viruses, power outages or human error.
How EntreBank is Helping Businesses Protect Themselves and Their Customers
Education is Fundamental
We host seminars, workshops and events to provide information on new trends, tools and changes in the banking industry to help business leaders and entrepreneurs protect themselves against fraud as they are carrying out important financial transactions. We provide resources to help businesses educate their employees and customers on the signs of phishing and social engineering attempts as well as how to properly use various payment services through digital banking. We run educational and awareness campaigns around cybersecurity issues and common scams that impact businesses and their customers throughout the year with a major push during Cybersecurity Awareness Month in October.
We create blog posts and website content about how to spot the signs of and protect against bank imposter or credit card scams because it is crucial for businesses to protect the integrity of their business and educate their employees and customers on how to avoid falling victim to scams.
Once You Have the Knowledge, You Need the Tools
EntreBank provides advanced technology tools that offer businesses an intuitive, efficient and convenient banking experience. Our specialized fraud management features like Check Positive Pay and ACH filter services are inexpensive and easy to use. We have a mobile banking app for business owners and their accounting/financial personnel to manage direct deposits, payroll or automatic payments in one place. Fraud features such as alerts, debit card controls and customization provide business owners with an extra layer of protection against scams.
If you would like to learn more about how you can safeguard your business against fraudulent activity, sites like banksneveraskthat.com provide interactive information and quizzes. You can visit our resources page at entrebank.com or call us with your questions and concerns.