At our recently sponsored Fraud Prevention Seminar in Cadott, experts shared essential tips to help small businesses stay safe from fraud. We heard from Jay Tambornino, an IT Consultant with the Minnesota Banker’s Association, and John McCullough, President of the Financial and Retailers Protection Association.
With cyber and financial fraud growing more sophisticated, here are some simple, actionable steps they provided to help protect your business:
1. Guard Against Check Fraud
Risk: Thieves “wash” checks (removing ink to change details) or recreate checks.
Solution: “Businesses must sign up for Positive Pay with Payee Name to protect their business; Pillar Bank offers this service. It provides a level of protection businesses have been looking for,” said McCullough.
When writing checks, use gel pens like the Uniball 207 or Pilot G2 (ink from these pens is harder to remove with chemicals to rewrite the checks).
2. Beware of Phishing and Business Email Compromise (BEC)
Risk: Scammers often send fake emails that look like invoices or requests for quick payments. The invoice requests payment to a new account named in the invoice but uses the same name as an existing vendor, or a similar one. The check is mailed, and the ACH payment is sent to the changed bank routing and account number per the invoice request.
Solution: Any payment change must be verified with the vendor using the phone number or email address on file, not the contact details in the email or letter carrying the new payment instructions. Do not call the number on the invoice or trust the email address provided in any email requesting changes in payment processing. Always check the sender’s email address to make sure it is correct, and never click on any attachments or links to websites.
Ask yourself: Was I expecting this email? Best practice is to set up a “zero trust” approach: treat all unexpected requests as suspicious and verify before acting.
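The payment-change check described in this section, sketched in Python as an added example (it is not from the seminar speakers or Pillar Bank). The vendor records, invoice field names and the 0.85 name-similarity threshold are all hypothetical, and every value is constructed for illustration.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher

@dataclass(frozen=True)
class Vendor:
    name: str
    email_domain: str
    phone_on_file: str
    routing: str
    account: str

# Constructed vendor master file ("on file" records); every value is made up.
VENDORS = [
    Vendor("Northwoods Supply LLC", "northwoods-supply.example", "555-0100", "000000001", "1234567890"),
    Vendor("Chippewa Paper Co", "chippewapaper.example", "555-0101", "000000002", "2222333344"),
]

def _norm(text):
    return "".join(ch for ch in text.lower() if ch.isalnum())

def match_vendor(name, threshold=0.85):
    """Return the on-file vendor with the same or a similar name, else None."""
    def score(v):
        return SequenceMatcher(None, _norm(name), _norm(v.name)).ratio()
    best = max(VENDORS, key=score)
    return best if score(best) >= threshold else None

def screen_invoice(inv):
    """Return (decision, reasons, callback_phone) for one invoice dict."""
    vendor = match_vendor(inv["vendor_name"])
    if vendor is None:
        return "hold", ["no on-file vendor to verify against"], None
    reasons = []
    if _norm(inv["vendor_name"]) != _norm(vendor.name):
        reasons.append("vendor name is similar to, not identical to, the on-file name")
    if (inv["routing"], inv["account"]) != (vendor.routing, vendor.account):
        reasons.append("routing/account number differs from the on-file record")
    if inv["sender_email"].rsplit("@", 1)[-1].lower() != vendor.email_domain:
        reasons.append("sender email domain differs from the on-file domain")
    # Callback number always comes from the master file; inv["phone"] is ignored.
    return ("hold" if reasons else "pay"), reasons, vendor.phone_on_file

# Constructed invoices: one routine, one showing the pattern described above.
ROUTINE = {"vendor_name": "Northwoods Supply LLC", "sender_email": "ar@northwoods-supply.example",
           "routing": "000000001", "account": "1234567890", "phone": "555-0100"}
CHANGED = {"vendor_name": "Northwood Supply LLC", "sender_email": "ar@northwoods-supply-ar.example",
           "routing": "000000009", "account": "9999000011", "phone": "555-0199"}

if __name__ == "__main__":
    for inv in (ROUTINE, CHANGED):
        print(inv["vendor_name"], screen_invoice(inv))
```

A "hold" result means the payment waits until someone has reached the vendor at the returned on-file number.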
3. Secure Your Online Accounts
Tip: Use multifactor authentication (MFA) with extra layers like numeric codes or geolocation to help secure your email and online banking accounts.
Solution: Limit staff’s ability to use your network’s administrative functions. Lock them out of areas they do not need to access. Ensure account activity is monitored (a SIEM system can help with this). For added safety, set up controlled, limited access for users overseeing online banking, and set alerts for payments and credit and debit card purchases.
4. Preventing Wire Fraud and Payment Scams
Risk: Fraudsters send overpayments or spoof caller IDs to request funds.
Solution: Only use trusted contacts and never provide verification codes over the phone. For large or unusual payments, double-check with the sender directly. If a wire turns out to be fraudulent, report it quickly to your bank and to the FBI at www.ic3.gov.
5. Handle Mail Securely
Risk: Mail theft is an epidemic, with thieves targeting blue USPS boxes to steal checks and sensitive information.
Solution: Drop off mail inside the post office or hand it to the carrier or a postal worker inside. Avoid using public mailboxes to mail checks. “The best solution is to use online banking and consult Pillar Bank’s Treasury Management expert, Lisa Lyon, to review the available safety controls for businesses. It is like doing a medical checkup to avoid and prevent health problems,” added McCullough.
6. Be Wary of Ransomware Attacks
Risk: Investment scams work through social media contacts or start with a text message asking if you know (insert name) who worked there or lives nearby. The scammer wants to befriend you and build up a conversation over time to get you to trust them. They even send you (fake) pictures. Down the road, they ask you for a favor. Later, they ask for help, such as sending them money, or give you instructions on how to invest in cryptocurrency (like Bitcoin). Ransomware is a scam that locks your systems and demands cryptocurrency payments.
McCullough says ransomware is often spread via email directed to you from your CEO, CFO, or President. It asks you to open an attachment or click on a link to a website, and it is likely to come with an urgent request to do so. For example, you might get an email from your CEO saying there was an incident last night: ‘Please open the attachment for the police report and video of our employee being robbed.’
When you open it, the malware is launched, your computer and any computer connected to it get infected, and the system is locked. Then a demand for payment is made to get your system back up and running. Immediately unplug and disconnect your PC in hopes the malware doesn’t pass through the network, and call IT now!
Solution: Report it to the FBI and get help from outside experts. Keep a backup of your system off-site; without one, assume you must start from scratch. Train your employees and consider using www.knowbe4.com or similar firms to provide training for everyone, including the CEO.
7. Create a Fraud-Aware Workplace Culture
Action Steps:
- Train staff to recognize phishing, fraud, and suspicious activity.
- Promote a culture of honesty, responsibility, and vigilance. Conduct regular spot checks and set a strong example.
- Enforce separation of duties, especially for approvals and payment handling, to reduce fraud risk.
Fraud prevention is a team effort that starts with awareness and proactive measures. With these steps, your business will be better prepared to recognize, prevent, and respond to fraud.
If you think your accounts have been compromised, contact Pillar Bank immediately to limit damage.