Business Insights

Protect Your Business From Being a Victim of Banking Fraud Activity

When infamous bank robber Willie Sutton was asked why he robbed banks, he reportedly said, “Because that’s where the money is.”

Today’s computer hackers may not be aware of Sutton’s legacy, but they certainly have figured out where the money is – cyberspace.

According to the FBI, hackers stole more than $2.7 billion from victims via cyber scams in 2018, and that’s nearly double the 2017 total.

hacker in the darkThe impact to a small business can be devastating. A report by the Better Business Bureau said the average small business’s loss due to a cybercrime incident is $80,000. Moreover, the U.S. National Cyber Security Alliance shows 60% of small businesses that experience a cyberattack close within six months as a result. As e-commerce and digital platforms continue to grow, a company’s life expectancy increasingly depends on its owner’s vigilance in protecting its cyber presence.

According to Jeff Norris, Chief Information Officer for Seacoast Bank, the most common scam he currently sees is the “CEO/CFO fraud” or business e-mail compromise (BEC). In these fraud scenarios, criminals send phishing e-mails to impersonate executives to deceive employees in accounting or HR into executing unauthorized wire transfers or sending out confidential tax information. It’s a trend that’s taking place in all 50 states and in 150 countries worldwide. The FBI reports it is now a $12 billion global scam, with a 136% increase in identified global losses between December 2016 and May 2018.

Kaela Lerner, Senior Vice President and Director of Treasury Management Sales for Seacoast Bank, shared a firsthand example. A manufacturer she knows received an e-mail from what it believed was a vendor notifying it of a change in wire instructions. The manufacturer had regularly wired funds to the vendor in the past, so based on that email, without voice verification, it changed the wire instructions and sent a payment of nearly $100,000. As it turns out the e-mail was not from their vendor – but it was counterfeited to look exactly like it – the only difference was a very minor change in the e-mail address. By the time the vendor reached out to the manufacturer to ask where its payment was, the wire had been received at the bank indicated in the fraudulent e-mail and moved to an account outside the country.

The scam isn’t confined to businesses, said Lerner. The CFO of a school she knows received an e-mail from the school owner with wire instructions for $50,000. The e-mail looked exactly as it should. The CFO wired the funds without voice verification. By the time the CFO realized the mistake, the transferred funds were not able to be recalled. lock on credit card

Real estate transactions represent another potentially vulnerable area. Lerner described an attorney that conducted numerous real estate closings who received an e-mail with the wire instructions to the seller for proceeds. The attorney was unaware that the office computer system had been hacked and the e-mail was not from anyone representing the seller. No voice verification was conducted to confirm the instructions, and the funds were wired out. The loss exceeded $150,000. 

Get the latest updates, offers and helpful financial tips.

As e-commerce and digital platforms continue to grow, a company's life expectancy increasingly depends on its owner's vigilance in protecting its cyber presence.

Norris works hard to educate the bank’s clients on how they can protect themselves by utilizing the tools available to them for watching their accounts. He encourages business owners and managers to ask their bank about threshold alerts, positive pay, dual authorization and the ability to continually monitor their accounts. Other industry best practices that all business owners should implement include:

  • Identify the high-risk or highly targeted individuals in your organization
  • Look to see if you have technical controls and use them, e.g. dual authorization, card limits, threshold alerts, e-mail filtering and use multi-factor authentication where available.
  • Have a policy & procedures specifically for wire transfers and make sure your employees follow them with zero deviations. BEC scams can only work if account holders fail to follow these policies.
  • Conduct frequent training for all users in phishing and security awareness. It’s critical that everyone recognize the “red flags” for suspicious emails.
  • Work with a security awareness organization to test your company to see if management and employees are susceptible to phishing emails.


Norris warns that if it happens to you, first and foremost contact your bank immediately. With money transfers, time is of the essence to attempt to stop fraudulent wires or ACH transmissions. Norris also recommends pursuing local law enforcement and filing complaints with the FTC and the FBI Internet Crime Complaint Center (IC3).

Additional resources for business owners and leaders to learn about banking fraud and cyber crime prevention are listed below.

 

Cybercrime is on the rise in Florida. Find out how to protect your small business with these cybersecurity tips >

loading...

Connect with a local banker about your business needs.

Are you interested in contacting a local, Florida banker to discuss your individual financial needs? We’d love to speak with you. Schedule a consultation today.

Contact Form