As Jeff Taylor, Regions Bank’s head of Commercial Fraud Forensics, detailed the dangers businesses and organizations face from fraud, Katherine Lenn took notes while wearing a wry smile.
Lenn is the CFO of the Greater Birmingham Humane Society, and she knows as well as anyone the dangers out there that aren’t going away.
“We had an incident over the summer,” Lenn explained. “Actually, it was my email that was compromised. Fortunately, I was on the phone with our IT team when it occurred.”
Lenn was tipped off immediately when the IT person asked about the email and photo she just “sent” them. Knowing instantly it was an imposter scam, the scam attempt went no further.
Not everyone is as fortunate.
That’s why Regions’ Treasury Management team gathered local organizational leaders in Birmingham in person – and throughout the region via a live webcast – for a lunch-and-learn session called How to Safeguard Your Organization from Fraud.
We believe part of our goal as a bank is to ensure we are educating and creating awareness around fraud prevention.
Key Yeilding, Treasury Management Leader
“Fraud is a topic that gets our customers’ attention,” said Christian White, the Birmingham market executive for Regions. “It can be very disruptive and, in some cases, costly.”
For an hour in the auditorium of the Regions Center, the bank’s Birmingham, Alabama headquarters, Taylor and Treasury Management Leader Key Yeilding provided a blueprint on the dangers of fraud – as well as the best solutions.
“We believe part of our goal as a bank is to ensure we are educating and creating awareness around fraud prevention,” Yeilding said as she and Taylor dug into a wide variety of topics.
Check Fraud
What’s old in the world of scams is new again. Check fraud is one of the most popular frauds ongoing, costing organizations and businesses billions of dollars.
“In check fraud, most scams fall in the first two or three categories,” Taylor said. “First, the fraudster will wash the checks.” After altering the check, criminals will then sell them on the dark web. And by gleaning account information and routing number, criminals can also create realistic counterfeit checks.
In addition to altering checks and creating counterfeits, scammers will also forge signatures.
“Even if you don’t write a lot of checks out of an account, any time that account number information is out, you are susceptible to fraud,” Yeilding said.
Taylor suggests that clients convert their paper check payments to an electronic payment channel or utilize their bill pay software.
And if you must write a check, keep close tabs on the blanks at all times, reconcile your account regularly and, above all, use a gel pen that may be less likely to be altered.
Ransomware
This scam sends a shiver down your spine.
Fraudsters place malware into an organization’s computer system, lock the system with encryption, then demand a ransom for an encryption key to restore everything to normal.
Most organizations are willing to pay the ransom to regain their system. But, in truth, their problems are just starting.
“You may pay the ransom fee to get the encryption key, but they still have your data,” Taylor said. “They’re mining through the network to find the data. If you’re in healthcare, they’re going to be interested in patient and physician data, and will then advertise that data for sale on the dark web.
Odds are the scammers will come back later and demand another ransom for the valuable info.
To complicate matters, ransomware kits can be purchased on the dark web.
“To make the attack easier, fraudsters have created a ‘Ransomware-as-a-Service’ package for sale on the dark web, including customer service support,” Taylor said.
Taylor said the best protection against ransomware is to engage your IT team and constantly evaluate your system’s vulnerabilities while backing up data on a regular basis. If you become a victim, notify impacted parties immediately.
Business Email Compromise
Most BECs target the financial side – people who can move money – and use a variety of tactics including executive or vendor impersonation.
Taylor provided a vendor impersonation scheme as a prime example. A “vendor” sends a legitimate looking email saying they’ve changed banks, and an invoice needs to be paid into the new account. Because of the business cycle, it may take 30 to 60 days to realize a payment went to fraudsters and not to the real vendor.
While recovery can’t be guaranteed, the faster you notify the bank, the greater the likelihood we can recover your loss, Taylor said.
One red flag to look for in these scam emails: the use of the word “kindly.” It’s often a sign that the scam email originates overseas (“kindly” is not part of the traditional American business vernacular).
Looking Around the Corner
Taylor offered a chilling glimpse into scams of the future.
Foremost are Artificial Intelligence-generated scams, which can include deep-fake audio and videos and AI-generated messaging.
Another concern is the growth of trusted partner imposter scams from spoofed numbers, spoofed websites and search-engine ads, where criminals pay for their fake landing pages to be seen first.
“The one that’s really scary, because it’s difficult to detect, is deep-fake video,” Taylor said.
Sitting in the audience, Lenn took the warnings in stride. She started her career as a banker and learned as a nonprofit leader to stay on top of these troubling trends.
If you have a presence in the community, you’re a target. If you do business, you’re a target. No one is too big or too small.
Katherine Lenn, CFO Greater Birmingham Humane Society
“Thanks to Regions and other business partners, we’ve been exposed to fraud prevention remedies along the way,” Lenn said. “I’m the CFO, so managing these threats is part of what I do.
“If you have a presence in the community, you’re a target. If you do business, you’re a target. No one is too big or too small.”
That’s why, in the world of fighting fraud, information is key.
“This is a hard topic and not one we enjoy talking about,” Yeilding said. “But education may help prevent you from becoming a victim.”
The information presented is general in nature and should not be considered, legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.