Fraud Prevention For Your Business

How To Protect Your Business

  • Avoid free, web-based email accounts.
  • Monitor content on corporate social media accounts, particularly job duties/descriptions, hierarchical information and out-of-office details.
  • Be suspicious of any request for secrecy or pressure to take action quickly.
  • Flag any request from vendors, suppliers, or customers that suddenly changes payment instructions, such as asking to route email through a personal email address or to send payments to a different bank account.
  • Consider additional IT and financial security procedures, including two-step verification.
    • Out-of-band communication
    • Digital signatures (these don’t work with web-based email accounts).
    • Delete spam
    • Forward vs. reply
    • Two-factor authentication for corporate email accounts.
  • Enact rules that flag emails whose domain (extension) is similar to the company's email domain.
  • Register ALL company domains that are slight variations of your actual company domain.
  • Verify changes in vendor payments by adding two-factor authentication, such as a secondary sign-off, obtained outside email, from specially designated personnel.
  • Confirm requests for funds transfers using a method other than email, such as a phone call to a phone number in your system.
  • Pay attention to your customers’ routines, including the details and amount of payments.
  • Scrutinize all emailed fund transfer requests.
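
One way to implement the rule that flags emails from domains similar to the company's, shown as an added example that is not part of the original page. The company domain, the character-swap table, the distance threshold and the sample headers are all assumptions made for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Assumed company domain (placeholder, not from the page).
COMPANY_DOMAINS = {"abc-company.com"}
# Common character swaps used in look-alike domains (assumed, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Lower-case, strip accents and fold look-alike characters."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.translate(LOOKALIKES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Count edits (insert, delete, substitute, swap neighbours) from a to b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(from_header, company=COMPANY_DOMAINS, max_distance=2):
    """Return 'internal', 'lookalike' or 'external' for a From: header."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in company:
        return "internal"
    for legit in company:
        if edit_distance(skeleton(domain), skeleton(legit)) <= max_distance:
            return "lookalike"  # hold for out-of-band verification
    return "external"

# Constructed sample headers, not real traffic.
SAMPLES = [
    "Pat Lee <pat@abc-company.com>",
    "Pat Lee <pat@abc-cornpany.com>",   # "rn" imitating "m"
    "Pat Lee <pat@abc-c0mpany.com>",    # zero imitating "o"
    "Pat Lee <pat@abc-compnay.com>",    # swapped letters
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):9}  {header}")
```

The check reads only the From: header, so a message flagged as a look-alike still needs the call-back verification described in the list. For a short company domain, lower max_distance to avoid flagging unrelated senders.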

What To Do If You Are A Victim

  • Contact your financial institution immediately!
  • Contact your local FBI office.
  • File a complaint, regardless of monetary loss, at IC3.gov.

Best Practices To Mitigate Payments Fraud

  • Always verify the authenticity of the payment request. Call back the person who is requesting the payment from a known phone number.
  • Implement a call-back verification process when setting up payment instructions for a new vendor or making changes to payment instructions for an existing vendor.
  • Implement dual control and segregation of duties.
  • Education is key! Understanding email scams and educating your employees is critical in protecting your financial assets.
  • Test your fraud health.
  • Implement a cybersecurity policy and review it often.
  • Review your business insurance policy. Does it cover financial losses due to cybersecurity fraud?