Cybersecurity and Fraud Protection
4 Cyberfraud Scenarios to Help Prevent Losses
Fraud attempts are constantly increasing, and criminals are becoming more sophisticated in their attacks. Learn best practices for fraud prevention—and the mistakes that could cost you.
Criminals continue to find new ways to infiltrate unsuspecting companies through cyberattacks. Payments fraud impacts many companies, which—regardless of size—can manage their risk factors by maintaining strong cyber controls and best practices.
By implementing and requiring regular security training for all employees, companies can reduce the risk of a cyberattack for their employees, clients and third-party vendors. Clients who do not use appropriate fraud-prevention tools increase their risk of losses and are liable for all losses incurred for payments originated using any authorized users’ security credentials or the credentials of others who have designated transaction authority.
What to Avoid
In the scenarios below, the business could face significant losses from fraud:
- A payments employee at Company A receives an email with new payment instructions from criminals posing as a trusted vendor. The employee recognizes the vendor’s email address and accepts the instruction without validating the change in banking instructions contained in the email. After transmitting the funds, the employee realizes that the vendor’s email account was compromised, and by quickly contacting the company’s client service associate, they recall the payment.
Result: While no client funds were lost, it was a close call. Payments employees must make a routine habit of validating all changes received in payments instructions either in person or by calling a known telephone number before sending funds.
- A payments employee at Company B receives a fake email from criminals posing as the company’s owner, who directs a wire of more than $300,000 to be sent to a new bank account in Asia. The employee transfers the funds without first validating the payment instructions with the owner. The bank identifies the unusual transaction and calls the employee to confirm the instructions. The employee confirms that the transaction is correct. A short time later, the employee realizes that the email is part of a cyberfraud scheme.
Result: The client bears the loss.
- A payments employee with Company C receives an email from a colleague with an invoice for almost $4 million to be paid to a new bank account in Asia. To validate the change in payment instructions, the payments employee speaks to the colleague who purportedly sent the email, but the colleague denies sending it. Both employees realize that they are potential victims of a phishing/business email compromise attack. Upon further investigation, the company discovers that the employees had been targeted by criminals who sent the payment request from a compromised email account.
Result: No client funds are lost.
- Cybercriminals create a fake look-alike domain name and target a finance executive at Company D to dupe their vendor into changing bank information. The criminals attempt to mimic the executive's email address by moving one letter in the look-alike domain name. Then they send spoofed emails from that manipulated account to third-party vendors to authorize payments to bank accounts controlled by the criminals. The vendor identifies the scheme and does not make the payment, and contacts the executive to let them know someone is using a domain look-alike to impersonate the company.
Result: The client bears the loss.