Cybercrime is no longer a matter of if, but rather a matter of when, and it is no longer limited to just large corporations. Businesses of all sizes are targeted by today’s sophisticated cyber criminals with various types of malware and schemes. A business should never rely on just the strength of anti-virus software or e-mail spam filters deployed on its network and computers.
One of the most common schemes is the Business E-mail Compromise, which generally targets commercial clients. The criminals either submit fraudulent transaction instructions directly to a bank by impersonating company employees through e-mails, or they mislead a company employee into submitting fraudulent transaction instructions to a bank by impersonating a supplier or company executive through seemingly legitimate internal e-mails.
How to Protect Yourself
In the case of a fraudulent request sent to the bank, rest assured that we will always contact you by phone to confirm the request.
In the case of a wire request from an executive or upper management, confirm the request by a method other than e-mail with the individual or the individual’s assistant. If you are not able to confirm the request, then do not approve the request.
In the case of a supplier providing updated payment instructions, confirm the request by a method other than e-mail directly with the supplier. If you are not able to confirm the changes, then do not process any payments using the new instructions.
Please keep in mind that once a wire has left the bank, there is no way of retrieving the funds from the receiving bank. As a matter of fact, the receiving bank is under no legal obligation to ever return the funds.
Have a two-person process for important transactions. Paying invoices and changing account numbers for remittances should not be too easy. Require separate approval from a supervisor so you always get a second opinion when company payments are at stake.
If your e-mail software supports it, use 2FA, or two-factor authentication, which refers to those one-time codes that come up on your phone or on a special security token or app. With 2FA, just stealing your e-mail password is not enough on its own. All of the major free e-mail service providers have this feature. If you use Microsoft Exchange, then discuss your options with your IT professional.
Online Banking Red Flags
- Security questions being prompted despite no change in online behavior
- Vanishing screen after logging into online banking
- Your screen freezes after logging in or after accessing a payment screen, such as ACH or wire
Online Banking Security Tools
- Do not ignore security e-mail notifications
- Turn off e-mail notices and turn on SMS text alerts (logins, transactions)
- If possible, request to be set up with dual approval for ACH and wire
- If possible, request IP address restriction
- Review account activity daily; commercial clients only have one business day to dispute electronic transactions
Please contact us if you have any questions or concerns about the security of your accounts. We are here to help.