Some of the traits that make your small business agile are the same ones that can make you vulnerable to fraud. A smaller staff, for example, expedites your processes, but it also leaves you without the checks and balances larger businesses may have. And make no mistake, scammers find plenty of opportunity by going after small businesses because many don’t have resources in place to identify fraudulent activity until it’s too late.
Since 2016, business fraud has been on the rise. A recent AFP Payments Fraud and Control Survey reported that 78 percent of companies were targets of payment fraud last year. These scams are so effective because they easily blend in with normal accounting processes and business correspondence. Here are a couple of examples you can look out for:
What’s known as the business email compromise (BEC) scam is a prime example of how widespread business fraud has become. In 2017, 77 percent of organizations were targeted by hacking into email accounts and gleaning enough information to send convincing requests for bogus payments. Imagine that a hacker gains access to a one of your trusted vendor’s email and targets you after seeing a message about an open invoice. The scammer sends an email from the familiar vendor’s address, asking you to wire your payment to a new account. Because they know enough about what you owe, and it’s sent from an email address you recognize, it seems credible.
Another scenario: the scammer gains access to your company’s email, looking for an executive with an active out-of-office message. Knowing one of your executives is away and not able to answer in-person questions gives them an opening. In this scenario, one of your employees receives an email as if it came from that executive, saying, “I’m hopping on a plane, and I need your help getting an urgent payment to a vendor today.” Seeing nothing amiss, the employee wires money to the “vendor,” and just like that, you are victim to fraud.
These schemes succeed more often than you might think because the hackers imitate your known vendors and colleagues so well. Often, by the time a company pieces together what happened, the money is long gone.
ACH and Check Scams
Thanks to enhanced technology, forgery is on the rise and in 2017, 74% of companies experienced check fraud attempts. All a scammer needs is your account number — which they can easily find on any of your checks — to create counterfeit checks and start cashing them. Your business may not find out until the checks begin to clear. Technology also makes it easier to alter checks. Scammers steal a check mailed to a vendor, then change the payee to themselves and cash the check. Often they don’t stop with altering the payee name – they also change the amount, such as turning a $500 payment into $1,500. ACH (Automated Clearing House) fraud is another common scam that impacted 28 percent of companies in 2017. ACH fraud happens when your account number gets compromised and used to create online accounts and payments. Often, the scammers keep their spending amounts relatively low so that businesses don’t notice while multiple charges add up.
5 Key Actions to Protect Your Business
With a personalized protection strategy, you can help to avoid and minimize the potential damages caused by fraud.
Make your employees your first line of defense.
Educate all your employees about potential scams and how to detect them. The Federal Trade Commission’s Scams and Your Small Business guide is a great place to start. Informed, vigilant employees should be empowered to reach out to vendors, or even your own company executives, to verify requests that may seem unusual.
Build safeguards into your day-to-day processes.
Be careful about giving out account numbers and don’t leave statements or checks in plain view. Work with employees to set parameters that require management review of payments over a certain amount or when setting up new vendors. An additional step is to create standard processes requiring a second employee to review all transactions before finalizing. If possible, handle online banking using a separate computer that doesn’t access the internet for anything else. A dedicated computer limits opportunities for viruses that monitor logins or keystrokes, which could lead to scammers accessing your online banking.
Partner closely with your bank.
Your bank is an essential ally in fighting fraud. Tools like positive pay services and dual control can be implemented to protect you from bank fraud.. You can also take specific precautions against ACH fraud with services like ACH debit filter, which allows your bank to compare payments against a list of your authorized ACH payments before sending them through. Check with your banker about what services they offer that can assist in monitoring for fraudulent activity.
Insure against risk.
Protect your business against the worst-case scenarios by having insurance for cyber and check fraud. These policies provide critical financial support if you are the victim of email or check fraud. The amount of insurance you need should be comparable to how much money you normally keep in your accounts. Consult with your business’s insurance provider about finding the cyber fraud policy for you.
Don’t let embarrassment keep you from getting help.
Victims of these scams are often too embarrassed to seek help because they fell for something. But if your company is a victim, contacting your bank immediately is the best step to take. Your bank should have experts who can help you navigate the process, including when to file a police report or notify your insurance company. Always be completely candid in sharing information so the bank can provide appropriate assistance in handling your case and helping to protect you from future fraud.
Today’s scams are sophisticated and fast moving. Use best practices in prevention and work with your bank as a partner to fight fraud and mitigate your losses so you can keep your focus where it belongs: building your business.