Business Email Compromise
Protecting your business can feel like a moving target: as new fraud schemes arise, you must adjust and add extra security measures. Fraudsters use various techniques, from simple scams such as spoofed domains to hacking into your company’s network. Fraudsters play on employees’ emotions by impersonating company leaders, including CEOs, CFOs, HR, Finance and Legal, as well as vendors and other partners.
Educate your employees and set the culture
What is BEC fraud?
Why do they call it CEO fraud?
Best Practices to Consider:
- Create company policies.
- Call the requestor or visit in person
- Validate payment instructions with details on file
- Implement multiple approvals for large remittance amounts
- Implement approval protocol when executives initiate a transaction
- Set checks and balances
- Provide scenarios that resonate with daily activities and functions.
- Ensure employees understand how to decipher fraudulent emails and URLs.
- Do the details in the email match?
- Supply employees with instructions if they suspect or experience fraud. It is important to act quickly. What should you do?
- If your business is targeted, remember to alert the Zions Bank IT department immediately, and file a complaint with the IC3.
Build in system controls within the IT portion of your business to map existing workflows for ACH and wire payments. Identify weaknesses that could expose you to risk. We are in your corner and dedicated to serving as a resource.
The Layered Defense Approach
Fraud attacks can come from anywhere. Help protect your business by combining strong tools, best practices and support to create the Layered Defense Approach. When you do, you achieve the 4 key industry-standard measures for cyber security:
- Sound, easily managed fraud monitoring capabilities
- Multilevel authentication to validate and restrict access to your accounts
- Secure web browsing with deep online coverage
- An adaptive security platform, customizable to your business
Implemented effectively, the Layered Defense Approach can help you reduce your company’s risk of falling victim to fraud.
Strong Tools are a part of how you build your Adaptive Security Platform. And Zions Bank helps make a suite of security tools available to your business.
Best Practices are in your control. Start implementing them today, if you haven’t already. And know that Zions Bank implements its own practices behind the scenes to help protect your information too.
Fraud Prevention Best Practices
With fraud coming at your business from both inside and out, vigilance is one of your best defenses. That means paying attention to employee and outsider behavior and ensuring you have the right tools and support in place.
- Separate financial responsibilities and access rights among employees
- Watch for behavioral red flags from employees like living beyond one’s means, refusal to take vacations or unusually close association with a vendor or client
- Implement an accounts receivable fraud-fighting solution
- Conduct online financial transactions on one or a few computers that don’t allow for any other type of Internet usage
- Reconcile accounts daily to find unauthorized ACH debits
- Follow the online precautions recommended in the Online Account Takeover section below
- Implement an ACH payments fraud-fighting solution
- Pay your bills online
- Mail all bill payment checks directly from the post office
- Use a special "check writing" pen, available at most office supply stores
- Order checks with chemically-sensitive paper
- Check your bank account often to see which checks have cleared
- Recognize signs of bad checks, including no perforations, missing check numbers, mismatched fonts, handwritten additions, missing address and stains or discolorations
- Be wary of a low check number (101–400 on personal checks or 1001–1500 for business checks); 90% of bad checks are written on accounts less than 1 year old
- Implement a checks fraud-fighting solution
- Keep basic computer security features up-to-date, including operating systems, firewalls and antivirus software
- Never download or install files from unknown sources
- Don’t click on web ads or pop-ups
- Access the Zions Bank® web site by typing or bookmarking www.zionsbank.com instead of clicking links in unexpected emails
- Look for the “s” in https://www.zionsbank.com when you arrive at the Zions Bank web site
- Don’t respond to unsolicited emails, open the links in them or view attachments to them
- Be aware of inappropriate web surfing on computers you use to access online banking as that’s how a lot of malware is loaded onto a computer
- Implement an online account takeover/enrollment fraud-fighting solution
- Review your accounts every day
- Never send financial information using regular email, which is insecure and easily compromised
- Educate employees about fraud risks and how to avoid threats
- Set strict password criteria
- Regularly review privacy policies and get rid of sensitive, unnecessary client information
- Notify Zions Bank immediately if you suspect fraudulent activity on your account, possible compromised credentials, a stolen device or cards, etc.
- Review your bank account and service agreements. They include both customer protections (like Zero Liability) and responsibilities. For example, under a Zions Bank Treasury Management Master Services Agreement, you’re responsible for Internal Security Controls and all instructions Zions Bank receives with your Access Credentials even if not actually sent by you
- Discuss cyber theft protection with your insurance provider to determine if it makes sense for your organization
- Implement fraud-fighting solutions as part of The Layered Defense Approach
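The bullets above about reaching the site by typing or bookmarking www.zionsbank.com and looking for the “s” in https can also be applied as an automated check on links found in email. The Python below is an added example, not Zions Bank code; the check_link helper and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hostname the page tells users to type or bookmark.
TRUSTED_HOST = "www.zionsbank.com"

def check_link(url, trusted_host=TRUSTED_HOST):
    """Return the reasons a link fails the check; an empty list means it passes."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return ["URL could not be parsed"]
    reasons = []
    if parts.scheme.lower() != "https":
        reasons.append("scheme is not https")
    if has_userinfo:
        # In https://name@host/ the browser connects to host, not name.
        reasons.append("text before '@' is not the destination")
    if host != trusted_host:
        brand = trusted_host.split(".")[-2]  # "zionsbank"
        if not host.isascii() or "xn--" in host:
            reasons.append("internationalized hostname, possible look-alike letters")
        elif brand in host:
            reasons.append("bank name used inside a different hostname")
        reasons.append(f"host {host!r} is not {trusted_host!r}")
    return reasons

# Constructed sample links (hypothetical, using the reserved .example domain).
SAMPLES = [
    "https://www.zionsbank.com/",
    "http://www.zionsbank.com/",
    "https://www.zionsbank.com.secure-login.example/",
    "https://www.zionsbank.com@login.example/",
    "https://www.zionsb\u0430nk.com/",  # Cyrillic letter in place of Latin "a"
]

if __name__ == "__main__":
    for link in SAMPLES:
        problems = check_link(link)
        print("OK  " if not problems else "FLAG", ascii(link), problems)
```

Only an exact match on scheme and hostname passes; a link that merely contains the bank's name somewhere in the address is flagged.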
Find the support your business needs to help fight fraud by implementing the Layered Defense Approach. These fraud-fighting tools act as the Adaptive Security Platform for your Layered Defense Approach. Implement them and spend your time reaching your business goals instead of potentially recovering from fraud.
A feature of Zions Bank® Business Online Banking that helps segregate duties and manage user access for any payment or administration function. Helps prevent:
- Wire fraud
- ACH payments fraud
- Employee embezzlement
- Account enrollment/takeover
A security chip present in all Zions Bank debit and credit cards. Zions Bank will also offer updated POS devices to help businesses make credit card transitions as chip cards become standard. Helps prevent:
- Merchant services loss
- Card loss
The Fraud Landscape
Everyday behaviors cost North American companies roughly $3.5 billion annually. (Source: CyberSource® 2013 Online Fraud Report)
Not only does fraud cost businesses’ bottom lines, it can cost their customers, their reputations and their credibility. Some of the most prevalent fraud schemes businesses face today are outlined below.
PROBLEM: Accounts receivable (AR) fraud comes entirely from within your company. Your own employees can steal funds, both online and offline, and alter records with fake write-offs, fictitious balancing and fraudulent debiting. One of the more common AR fraud schemes is called lapping, where employees continuously steal customer payments to cover their theft of previous customer payments.
SCOPE: According to estimates, 80% of the fraud cases are asset misappropriations, including accounts receivable fraud. (Source: Report to the Nation on Occupational Fraud and Abuse. Association of Certified Fraud Examiners (ACFE), 2002.)
PROBLEM: ACH Payments fraud can come from employees or outside criminals. It’s one of the easiest ways to defraud your company. All a perpetrator needs is a checking account number and bank routing number, which are frequently collected with the help of Trojans and other malicious software.
SCOPE: In 2014, 22% of organizations were affected by ACH debit fraud while 9% experienced ACH credit fraud. (Source: 2014 AFP Payments Fraud Survey)
PROBLEM: Wire fraud can come from employees or outside criminals. Employees commit wire fraud by creating fake vendor accounts to pay themselves. Outsiders pose as vendors you already work with and request payments, usually by email or phone.
SCOPE: In 2013, 14% of businesses were victims of wire transfer fraud. (Source: 2014 AFP Payments Fraud Survey)
PROBLEM: Credit card theft is one of the most prevalent methods of fraud. Card data is usually stolen when you make a purchase on a fake web site or fall victim to phishing. Criminals steal credit card data virtually, then proceed to spend your money on withdrawals or purchases.
SCOPE: 65% of organizations discovered they’d had credit card data stolen and then used to make fraudulent transactions in 2013. (Source: RSA-2013 Fifth Annual Online Fraud Benchmark Report). For businesses that experienced attempted or actual payment fraud in 2012, 43% cited credit cards as the method used. (Source: 2014 AFP Payments Fraud Survey)
PROBLEM: It’s easy today for fraudsters to make fake checks. Such “bad checks” often accompany lottery scams, check overpayment scams, Internet auction scams and secret shopper scams. Check washing involves erasing written details from a check. Criminals use a “washed” check to make fraudulent withdrawals and commit other types of theft. Checks are usually stolen from mailboxes when a bill payment is mailed.
SCOPE: In 2013, 82% of organizations experienced actual or attempted check fraud. (Source: 2014 AFP Payments Fraud and Control Survey)
PROBLEM: When a criminal gets hold of personal or login information, he can sign up for credit cards in your name, transfer or steal your money—all while posing as you. Online, this type of fraud happens through phishing attacks, malware installed on your computer and phony web sites that seem legitimate but actually steal your login credentials.
SCOPE: Of the businesses that detected a fraud attempt in 2012, 71% reported that the scheme was an online account takeover with fraudulent money transfer. (Source: RSA-2013 Fifth Annual Online Fraud Benchmark Report).
Begin Building Your Layered Defense Approach Today
Implement the best practices recommended here and contact Zions Bank at 855-972-1659. We’ll help you start building or reinforcing an adaptive security platform as part of your Layered Defense Approach today.