Employee Education and Awareness Keys to Prevention
Fraud is on the rise and growing at an alarming rate among the small business community. As scammers change their techniques, businesses need to raise their level of vigilance.
According to the Financial Crimes Enforcement Network (FinCEN), the number of suspicious activity reports (SARs) describing Business Email Compromise (BEC) incidents reported monthly has grown rapidly. They now average more than 1,100 per month in 2018 — that’s twice the amount reported in 2016. The total value of attempted BEC thefts, as reported in SARs, climbed to an average of $301 million per month last year.
Scammers are branching out, targeting construction and manufacturing companies, which typically deal in larger transaction amounts. The average loss for these companies is more than $50,000 per incident.
But This Doesn’t Happen in Rochester…Actually, it Does
“It’s tempting to look at the numbers above as a ‘national’ problem, and not one we’re having here in Rochester, but I can tell you first-hand that is absolutely not the case,” explains GRB’s Vice President, Risk Management Officer Brandon Beardsley. “Rochester companies are being targeted and scammers are being successful.”
Beardsley, who is part of a number of local security and risk management professional organizations, notes the following scams reported by local companies and financial institutions in just the last few months:
- CEO Fraud – A fraudster impersonates an executive of a business and requests an urgent wire transfer or ACH transaction
- Vendor Fraud – A fraudster intercepts communications between a business and one of its vendors and requests that in invoice be sent to a fraudulent account
- Business Email Compromise – Targets employee direct deposit accounts, wires and ACH transactions, and IOLA accounts
- Stolen checks/check fraud
“What we see is fewer scams targeting financial institutions. Instead, they are targeting the businesses directly,” says Beardsley.
Employees are Key
Beardsley also notes that technology, like enhanced firewalls and stronger passwords alone aren’t the answer to preventing fraud. He emphasizes that technical defenses need to align with employee awareness.
“Employees need to be trained to be suspicious of unusual requests and follow all verification procedures for any transaction. Even everyday requests can be compromised, like Human Resources receiving a request to change an employee’s direct deposit account number. There needs to be a process for verifying requests that could allow for fraud to occur – preferably using a communication channel different from the one used to make the request,” says Beardsley. “While technology is certainly helpful in fraud prevention, employees are still the most important factor in making sure a scammer cannot complete a fraudulent transaction.”
He also strongly encourages businesses to develop a comprehensive plan for raising fraud awareness. This should include employee training programs, and implementing additional tools for transaction verification. GRB provides the Positive Pay solution as an additional protection against ACH and check fraud.
In addition, the Federal Trade Commission, the Small Business Administration and the Federal Bureau of Investigation provide resources that businesses can use to help create their own strategies for preventing financial losses from fraud.
“Financial fraud is a serious risk for businesses,” said Beardsley. “Everyone in the organization needs to be included in the prevention process.”