It’s that time of year again.
Everyone with expertise, or even an opinion, publishes what they believe to be the top fraud attack vectors to watch out for. Year after year, the descriptions and nuances change slightly, but many of the attack vectors look much the same as in years past. Often, it’s just the fraudsters repackaging an old scheme with a new bow.
Whether you are a commercial business or a consumer, fraudsters are looking for ways to penetrate your defenses and find a pathway to steal your money or data.
Here are my top 5 for 2024:
Year after year, fraudsters successfully use variations of this attack method. Whether it’s executive, vendor or employee impersonation, the use of email communications to request the creation of a payment or a change in an existing payment is still working. It is extremely important that you and your employees maintain a cautious approach when acting on requests received via email. The use of artificial intelligence and large language models will make these emails even more difficult to detect.
Many businesses have successfully implemented a call back control within their process to identify threats and stop these unauthorized requests. We call it STOP-CALL-CONFIRM. If you receive a request via email or text to originate a payment or change an existing payment, STOP your process, pick up the phone and CALL the requestor at a number you know (not the number in the email or text), and CONFIRM the request is legitimate. It’s a simple way to verify these requests and avoid becoming a victim.
The alteration of issued checks and the creation of counterfeit checks have become a plague on both businesses and consumers. Stopping this attack vector has become extremely difficult. Checks innocently placed in the mail have been intercepted in transit, altered and negotiated into accounts controlled by fraudsters. Fraudsters use the dark web and other communication channels to train other criminals on how to steal, wash and deposit these payments.
Avoiding writing checks is the simplest and most effective way to thwart this attack. For consumers, using your bill pay platform or paying by credit card may help. For businesses, utilizing services like Positive Pay with Payee Name Verification can assist in identifying altered checks. Converting your payments to a digital alternative may also help, but it is important to implement proper payment controls like dual control and least privilege access.
Companies, municipalities, school systems, hospitals and critical infrastructure providers continue to be targets, and news feeds are full of reports of organizations that have experienced a ransomware event. Many of the attacks are less about the ransom demand and payment, and more about the acquisition of sensitive data.
Continually educate your employees on the importance of caution and diligence around protecting your network. Avoid opening email attachments from unknown senders and accessing suspicious websites, and create processes to protect your network from unauthorized device access.
This one will continue to be utilized by fraudsters to attempt to obtain private information like login credentials, passwords and other sensitive information. Fraudsters spoof the phone number of a trusted partner like your bank, investment advisor or credit card company and have just enough information to seem legitimate. They can create look-alike websites. Artificial intelligence may also be used to create deepfake audio that will sound even more convincing. They may ask you about a transaction on your account and offer assistance in removing the transaction – if you will provide your user ID and password to them. DON’T DO IT!
Your best defense is to hang up the phone and either log into your account and dispute the transaction yourself or contact the partner at a number you know to report the issue and ask for help. A great deal of the background information used by the fraudsters to perpetrate this scheme is obtained through social engineering. Be cautious about the information you post to your social media accounts and, when possible, utilize biometric authentication protocols, dual control and multi-factor authentication.
Fraudsters continue to find creative ways to convince us to provide sensitive information, make payments or otherwise take advantage of our good nature. Some include posing as a family member in trouble, fictitious charities, tech support problems, offers of prize winnings and an unheard-of lowest price on a hard-to-find product.
It pays to be suspicious and cautious before acting. A good rule of thumb is always verify, and if it seems too good to be true it probably is.
Education and awareness continue to be at the forefront of avoiding each of these situations. The more you educate yourself and your staff on how to identify potential fraud attacks, the greater your likelihood of avoiding becoming a victim.
The information presented is general in nature and should not be considered legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.