Cybersecurity and Fraud Protection
The Worst- and Best-Case Scenarios for Cyberfraud Attacks
Companies can help themselves avoid becoming victims of cyberfraud attacks by implementing proper validation and fraud control practices. Get some best practices—and find out what to avoid—to protect your business from cyberfraud.
Cyber criminals continue to develop sophisticated schemes and to expand their targets beyond the corporate world, extending cyber attacks to nonprofit organizations, universities and third-party vendors of manufacturing and financial services firms.
Know that your business is liable for payments that are initiated with authorized users’ security credentials or by other people designated with transaction authority.
However, organizations can help safeguard their accounts against cyberfraud by implementing systems, controls and practices that protect personal account information, and by maintaining security and training practices for employees.
What to Avoid
Imagine the following scenarios your business could encounter:
- An employee at a fashion company receives an email with payment instructions from a criminal purporting to be a vendor. The control process initially stops the payment, but the employee confirms that the vendor is valid and the payment is released. Several months later, the client learns that the request was fraudulent. Result: The company bears the loss.
- A school district employee receives a call from a person posing as a vendor with instructions to change bank account information. The criminal provides a new number and the employee transfers money to that account. The school district discovers the fraud several weeks later and only some of the money is recovered. Result: The school district bears the loss.
- A construction company receives an email with fraudulent payment instructions from someone claiming to be a third-party vendor. The company employee who receives the email does not validate the request before authorizing and issuing a payment. Result: The company bears the loss.
- A criminal posing as a client contacts a payments employee at a financial services company. The criminal has account information and gives instructions for the employee to transfer funds to an account controlled by the criminals. The account is restricted and only some money is recovered. Result: The client bears the loss for the remaining balance.
The scenarios below illustrate how your company can help protect itself against cyber threats:
- An electronics company receives an email from a vendor requesting a payment to a new account. Following procedures, the company’s payments team recognizes that the email is fake. Result: The company does not release the payment to the criminal, and no client funds are lost.
- A university employee contacts their bank, complaining of issues when logging into the school's online payments account. Malware is discovered on the employee's computer. Result: A large payment is stopped before it is released, and no client funds are lost.
- A payments employee at a financial services firm receives an email from a criminal posing as an executive within the firm. The email contains instructions to transfer a large payment to a new account. The employee escalates the request to a manager who discovers the fraud attempt. Result: The client never initiates the transaction, and no funds are lost.
- A manufacturing company employee receives several emails requesting payments that appear to come from one of the company's suppliers. The client notices misspellings in the email address, becomes suspicious and notifies their bank. Result: The payments are stopped before the funds are transferred to the account controlled by the criminals, and no client funds are lost.