Cybersecurity and Fraud Protection
6 Cyberfraud Scenarios From Worst to Best
Fraud attempts are constantly increasing, and criminals are becoming more sophisticated in their attacks. Learn best practices for fraud prevention—and the mistakes that could cost you.
Criminals continue to find new ways to infiltrate unsuspecting companies through cyberattacks. Payments fraud impacts many companies, which—regardless of size—can manage their risk factors by maintaining strong cyber controls and best practices.
By implementing and requiring regular security training for all employees, companies can reduce the risk of a cyberattack for their employees, clients and third-party vendors. Clients who do not use appropriate fraud-prevention tools increase their risk of losses and are liable for all losses incurred for payments originated using any authorized users’ security credentials or the credentials of others who have designated transaction authority.
What to Avoid
In the scenarios below, the business could face significant losses from fraud:
- An employee at a large firm in the South is the target of a business email compromise scheme from a criminal posing as a known vendor. The criminal creates a fake email address similar to the vendor’s legitimate address, and requests that three payments be made to a new bank account. The employee does not validate the banking change with the vendor and transfers the money. Result: The client bears the loss.
- A payments employee receives an email from a criminal pretending to be a vendor who submits new payment instructions for several invoices. The criminal then sends a second email posing as the CEO to expedite the payments. Without validating the requests, the employee transfers the money to the account controlled by the criminal. After receiving additional multimillion-dollar invoices, which are recognized as fraudulent, the company realizes it was the target of a fraud scheme. Result: The client bears the loss.
- Criminals pretending to be a vendor send a fake email requesting money to a payments employee at a Midwest company. The employee releases the funds to a new bank account controlled by the criminals without validating the email. Payment fraud controls initially stop the payment, but the employee maintains that the transaction is legitimate and the funds are released. Later, the company realizes the mistake and tries to recover the funds. Result: The client bears the loss.
- Criminals posing as the chief financial officer send two emails to a payments employee at a large company. The first email authorizes a wire transfer for a substantial amount to be sent to a bank in the US, which the employee processes. The second includes new payment instructions for a larger amount to wire to a bank in Asia. By validating the second request with an executive, the company is able to recover some of the withdrawn funds. Result: The client recovers a portion of the funds.
- Using a mobile device, a payments employee for a company reviews an email that appears to be from the CEO. The employee does not see that the CEO’s address has been compromised with a fake look-alike email domain and releases the payment. After returning to the office, the employee contacts their client service professional. By quickly reporting the incident, together they are able to recall the funds successfully. Result: No client funds are lost.
- A criminal impersonates the president of a company and sends an email to an employee with instructions to send a payment to a new bank account outside the US. The employee is suspicious and contacts the president at his company telephone number. The employee learns the request is fraudulent and does not process the payment request. Result: No client funds are lost.