With an influx of businesses being victims of fraud, especially fraudulent ACH or wire transfer requests over email, we want to ensure that you are protecting your business to the fullest. Any business can be the target of scammers. Small businesses are scammers’ number one target. According to the ACFE, small businesses with fewer than 100 employees are the most common victim of fraud.
ACH Fraud is Committed Via Email
ACH fraud is increasingly being committed through Business Email Compromise (BEC). What makes BEC attacks so threatening is the difficulty to identify them. In a BEC scam, a cybercriminal compromises legitimate business email accounts and then targets a business or individual to make some kind of request, usually involving a transfer of funds. The attacker will often pose as someone the recipient would trust, like their supervisor or the company’s CEO. These funds are then unwittingly transferred by the target into a fraudulent account controlled by the cybercriminal. These fraudulent wire transfers are often immediately transferred to cryptocurrency wallets and quickly dispersed, making recovery efforts very difficult.
In 2021, BEC losses totaled $2.4 billion among both large and small businesses.
How to Protect Against Fraudulent ACH and Wire Transfer Requests
One of the most important things you can do to protect your business from ACH fraud is to verify any requested changes to payment details. For example, if you receive an email requesting a change, do not make that change until you confirm with the company or person via a second communication method, such as over the phone or in person. Do not use the phone number that is in the email request or any other contact information in the email request. Instead, use a previously established number, or search for the business’s phone number on a search engine like Google.
Remember these tips:
- If you are originating ACH transactions to send funds to a merchant or direct deposit to your employees, always verify any changes made directly with that party. Do not accept changes or modifications through emails.
- If you do receive an email to change ACH payment instructions, confirm the request via telephone or another secure communication channel, such as a merchant portal or instant messaging service you already use with that party.
- Be wary of any instructions for follow-up the sender includes in their email request. Any request you receive could be a fraudulent email, so the instructions could push you closer to the fraudster.
How to Prevent BEC Attacks
BEC attacks can be the catalyst for multiple different cyberattacks. Since BEC scams rely on human error for success, a strong defense requires educating employees on potential attack warning signs. Here are some tips recommended by the FBI to help protect your business from a BEC threat.
- Be wary of the information you share online. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer hints to guess your password or answer your security questions to gain access to your personal accounts.
- Don’t click on any attachments or links in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number (don’t use the contact information in the suspicious email or text) and call the company to ask if the request is legitimate.
- Carefully examine the message’s email address, URL, and spelling. BEC emails may use spoofed email addresses that are easy to miss if you aren’t paying attention, such as email@example.com instead of firstname.lastname@example.org (zero instead of an o).
- Never open an email attachment from someone you don’t know.
- Set up two-factor authentication on any account that allows it as an extra security measure.
- Verify payment and purchase requests by calling the requestor to make sure it is legitimate.
- If the requestor is pressuring you to act quickly it may be an indication of a scam.
- Trust your instincts. If an email or an attachment seems suspicious, do not click on it and seek verification from a second source.
Learn more about Choice Bank’s fraud prevention tools, such as Positive Pay, and request a meeting with our cash management officer here.
For additional cybersecurity tips and resources check out our Cybersecurity Resources page.