It’s time to talk.
Fraud is everywhere. But the best defense is knowledge.
That’s why Regions Bank and the Business RadioX Network are teaming together to detail some of the most common fraud schemes – and the best responses to identify these scams and stay safe.
Over the next few months, Jeff Taylor, Regions head of commercial fraud forensics, sits down with J.D. Mealor, a Commercial Banking Leader based in Georgia, at Business RadioX’s Atlanta studio to discuss where fraudsters are going next.
Take a few minutes, dive into these podcasts and start taking steps to defend your finances and information.
Business Email Compromise
This remains the number one method of attack, costing Americans $2.7 billion in losses in 2022 alone.
“BEC is basically just what it says,” said Taylor. “It’s the use of email to create a compromise of payment data, resulting in funds being redirected to an account controlled by the fraudster.”
These attacks target employees with access to the finances of the company or the capability to move money. Departments like Accounts Payable, Payroll, and Vendor Management. Taylor noted.
Adding to the pain of being a victim, the money is hard to recover because fraudsters move quickly to transfer finances to new accounts, often with wire transfers.
But, Taylor noted, there are ways to protect yourself:
- Educate associates, helping them identify attack methods.
- Create a company response and governance plan so you’re ready to respond quickly to an attack.
- Establish controls governing payments and changes in payments, including dual control that requires an extra set of eyes.
- Taylor recommends using the callback control STOP-CALL-CONFIRM. When you receive a request, STOP the process, CALL the requestor at a number you recognize and CONFIRM that the request is legitimate.
“Fraud continues to grow, and I don’t see it declining any time soon,” Taylor added. “I think it is important to keep up a fraud awareness mindset and be conscious of the risks of fraud in the world today.”
This old-school scam is one of the most prolific today. According to a 2023 survey of financial professionals 63 percent of businesses surveyed reported being victims in the previous calendar year.
“For businesses, checks remain a staple in the payment process,” Taylor said. “Converting payments to a digital alternative like a credit card or an electronic automated clearinghouse or ACH transaction is not always possible. Vendors may be reluctant to accept these forms of payment for a variety of reasons. Some valid, but some are just relics of the past without consideration for the future.”
With today’s technology, it’s easier for criminals to create real-looking checks with identical-looking signatures. Another problem is the access to existing checks through interception of the mail.
“The fraudsters take the stolen checks and alter the payee name or amount and deposit the checks into mule or drop accounts they control,” he explained. “Alterations like this may not be identified for weeks after the fraudulent check is negotiated and is usually detected when the intended beneficiary of the check reports not being paid.”
Taylor does offer some suggestions to fight check fraud:
- Reconcile your accounts on a regular basis. By banking online, you can confirm payments daily.
- Place a stop payment when you recognize fraud or a range of numbered checks that aren’t showing up.
- Convert payments to electronic alternatives, when possible, and leverage additional controls including dual control and least privileged access.
- Secure your check stock and banking information. And never sign blank checks.
- Leverage protection products provided by your bank. They are intended to help keep you safe.
There’s a similar word for this: extortion.
“It’s defined as the introduction of malicious software designed to block access to a computer system until a sum of money is paid,” Taylor said. “Fraudsters typically launch these types of attacks by finding a “crack in the armor’ of defenses established by businesses to protect their network.”
The motives for ransomware can differ greatly. A court system can be hijacked to stop proceedings. A local government can be attacked to disrupt business.
“In other cases, the fraudster’s goal is to obtain monetary gain by demanding the payment of a ransom to recover the encryption key necessary to break the malware and unlock the system,” Taylor said. “According to recent statistics, the average ransomware payment in 2023 of $1.54 million is almost double what it was in 2022.”
There are steps you can take to improve your odds:
- Regularly backup the network and critical files to reduce exposure. Then store backups off site.
- Disconnect the affected computer from the network. But don’t turn it off – otherwise you might lose key forensic information.
- Immediately engage your technology team or IT vendor so they can begin triaging the damage.
- Contact affected parties as well as partners who can help you with data recovery.
Related Articles from Doing More Today
The information presented is general in nature and should not be considered, legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.