Support for commercial clients

What is the impact fraud can have on businesses?
Businesses are feeling increasingly more vulnerable and less confident in their ability to protect themselves, their customers, and their employees working from home.

The most common scams targeted at businesses during 2020 were:

  • Purchase scams, where non-existent products and services were sold, with an average of $4,233 lost by businesses in each case.
  • Invoice scams, costing victims an average of $33,870 per case.
  • Impersonation scams which saw average losses of $8,466 per case.
  • While not among the most common, investment scams were the most damaging financially to businesses during 2020 with each case costing victims more than $38,099.

Today, every industry is a target for cyber criminals.

Prevention and mitigation strategies can mean the difference between a thriving enterprise and a shop closing its doors. Fraud incidents tend to disproportionately affect small businesses, since the relative size of a financial loss makes up a much bigger chunk of revenue compared with larger organizations.

Compounding the problem is the duration of fraud. Because small businesses are less likely to spend the time and money needed to reduce risk, fraud is more likely to endure for longer periods before being detected. The median time to detect an internal fraud scheme is 14 months. This means businesses must be looking for both internal and external threats at all times, and financial institution can play a big role in helping to educate them.

Smaller businesses also have fewer fraud controls than larger organizations and, as a result, become victims more frequently. For example, billing and payroll fraud at small businesses occur at twice as often compared with larger organizations, while check and payment tampering occur at four times the rate.

Banks and credit unions can help small businesses integrate fraud prevention awareness into their workflows to help prevent fraud and minimize its impact.

Businesses face the threat of malware, viruses, and business identity theft along with the hacking of company trade secrets, payment information, customer PII and vendor records.

Ransomware attacks: Ransomware as a service is the big problem for business. Easy-to-use ransomware as a service schemes are booming, accounting for almost two-thirds of ransomware campaigns during the past year.

In 2019, the IC3 reported 8.9 million in ransomware losses with over $29.1 million in losses in 2020. A 226% increase from the previous year.

Business email compromise: The cost of business email compromise is 64 times worse than ransomware. In fact, BEC comprised 37% of all losses in 2020 with over 1.8 billion reported to the FBI. This number does not include estimates of lost business, time, wages, files, or equipment, or any third-party remediation services acquired by a victim.

Wire Fraud continues to grow and becomes harder to detect. The BEC/EAC scheme has evolved to include compromise of personal emails, compromise of vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector, and fraudulent requests for large amounts of gift cards. The number of BEC/EAC complaints related to the use of identity theft and funds being converted to cryptocurrency is increasing.

FBI data shows a 700% growth in this area over the last five years.

Account takeover will increase: Account takeover is essentially doubling each year as criminals become more technically savvy and automated. Account takeover fraud remains an ongoing problem for financial institutions, e-commerce merchants, and virtually any organization that offers products or services that can be monetized.

Last year, account takeover fraud cost U.S. businesses nearly $7 billion in losses.

Remote working: Adapting existing controls to the remote working environment, the use of data and analytics in monitoring risks, and the proper balance between human and technological oversight will become more important as the 'new normal' takes hold. Compliance with regulatory controls should remain high priority for businesses, otherwise they create opportunity for criminals and risk regulatory investigations, leading to fiscal and reputational damages in the future. For many businesses, existing training on preventing wire fraud and other criminal attacks will need to be reinforced.

Cybercrime-as-a-service: Among the numerous services offered in the cybercrime underground, ransomware-as-a-service platforms, DDoS-for-hire platforms and spamming services will facilitate the emergence of new criminal organizations and speeds up the operations of existing ones.

Phishing kit developers will offer more refined products: Phishing kit developers will offer more refined products, further lowering the skill required to launch a phishing campaign. Attackers are improving the quality of their phishing campaigns by minimizing or hiding common signs of an imposter scam phish.

Deep fake technology for identity fraud: This technology will be used to attack call centers and for business email compromise scams.

More social egineering for authorized push payments (APP): These scams are extremely effective and defeat all controls such as authentication, device, and location analysis. Criminals just need to persuade people into authorizing a payment to them. These includes impersonating a supplier or contractor, and sending a fake invoice to a business.

Security for the "phygital" shopping experience: Blending the elements of both a physical (curbside pickup, displaying your photo ID) and digital (selecting inventory and submitting payment, multifactor authentication) shopping experience together. The combined online and in-store shopping habits are here to stay for the long term.

With the threats to businesses being so diverse, all businesses need to improve their cybersecurity practices. We can help them do that through you. Learn how.

Supporting the needs of evolving commercial account holders, their workforce, and customers.

Limited resources, expertise, and time constrains are often why many organizations are feeling increasingly more vulnerable and less confident in their ability to protect themselves and their customers from fraud.

As your commercial account holders modernize with popular cloud solutions, you'll offer a complementary fraud awareness resource to help everyone stay safer.

Topics Include:

  • Business Email Compromise (BEC)
  • Ransomware
  • Ransomware Dycryption Tools
  • Cybersecurity for Remote Workers
  • Securing Network Credentials
  • Account Authentication
  • Passwords
  • Cyber Security Programs
  • Incident Response Plans
  • Security Awareness Planning
  • Cybersecurity Insurance Considerations
  • Data Theft Prevention
  • Data Security Policies
  • Business Continuity Planning
  • Purchase Scams
  • Wire Transfers
  • Fraud Alerts
  • How to Report Fraud
  • Identity Theft
  • Malware & Viruses
  • Email
  • Phishing
  • Invoice scams
  • Social Media
  • Impersonation Scams
  • Investment Scams
  • Employment Scams
  • Cybersecurity Scanning & Software Resources
  • Internet of Things
  • Laptops & Tablets
  • Computers
  • Web Browsers
  • Cloud Safety
  • Tech Support Scams
  • Mobile Banking
  • Mobile Phone
  • ACH Fraud
  • Check Fraud
  • Card Safety
  • Travel Safety
  • Wi-Fi Safety
  • Chargebacks
  • Card Not Present Fraud
  • Vendor Fraud
  • Insider Fraud
  • SBA Loan Fraud
  • DocuSign Safety
  • ATM + POS Skimming
  • Tax Scams
  • Technology Disposal

hsbc has recently launched a fraud awareness app to provide businesses with up-to-the-minute news on emerging scams. So can you.

As an eFraud Prevention™ client, you'll have your own unique small business portal that can easily be linked to your existing mobile app and web site. Online banking is the lifeblood of many small businesses and having an awareness of scams that are out there and being kept informed on new tactics is absolutely vital.

mobile app


Copyrights © All Rights Reserved by eFraud Prevention, LLC