
Protecting Your Business from Fraudulent Attacks on Remote Workers

PaymentsJournal by PaymentsJournal
May 5, 2020
in Featured Content, Fraud Risk and Analytics, The PaymentsJournal Podcast
https://media.blubrry.com/paymentsjournal/paymentsjournal.com/wp-content/uploads/2020/05/Giact-002-005_mixdown.mp3


Fraudsters will take advantage of any opportunity to scam unsuspecting individuals and businesses out of their money, and the COVID-19 crisis is no exception. The level of disruption caused by the pandemic itself, as well as the response to the pandemic, is unprecedented. With social distancing and stay-at-home orders in effect across the country, businesses have temporarily closed their offices and everyone who can is working from home.

These new working conditions were thrust upon companies and their employees with little warning. Without enough time to make the necessary accommodations, internal controls and security were compromised, providing fertile ground for criminals to prey upon companies with a myriad of scams, including business email compromise attacks.

To discuss business email compromise (BEC) attacks and how businesses can better protect themselves amidst the COVID-19 pandemic, PaymentsJournal sat down with David Barnhardt, Chief Experience Officer at GIACT, and Tim Sloane, VP Payments Innovation at Mercator Advisory Group.


What are BEC Attacks?

Business email compromise (BEC) attacks are sophisticated schemes that infiltrate businesses via email with a request targeting individuals with access and authority over company funds. Scammers may ask a controller, or someone in accounts payable, to change the name, account number, address, or other payment instructions of a supplier or someone else that the company owes, allowing the criminals to intercept the funds.

These communications are very deceptively designed. Emails typically come from an address that looks very similar to an address of someone that is known to the recipient, perhaps changing only one letter or character. For an employee who doesn’t notice the altered email address, the payment change request can appear to be legitimate.

BEC attacks are not petty theft. According to the latest statistics from the FBI, 80% of surveyed businesses reported being targeted by a BEC scam, 54% of businesses admitted to being financially impacted by BEC, and roughly $2 billion is lost every year.

A well-publicized example of BEC fraud was the Ubiquiti theft that amounted to a loss of $46 million. Con artists sent an email to the new CFO that appeared to have been sent from the CEO. The email stated that the CFO should expect a call from the company’s lawyers regarding an acquisition. When the fraud operators called, pretending to be the lawyers, they were able to con the CFO into making several wire transfers.

BEC fraudsters use a range of tactics, from simple phishing schemes to more complex targeted attacks. Once they get into the system, they research your email history, who you email, and who the accounts receivable and accounts payable contacts are. They can mimic an email’s format, tone, and content, including signatures and company logos. Then they can use this information to lure their targets into opening emails, clicking on links, and ultimately redirecting funds. Some of the most sophisticated schemes involve using AI technology to mimic someone’s voice, perhaps the department head or company CEO, to create a convincing voicemail message or engage in a persuasive phone conversation.

3-Step Approach to Scam Prevention

“It all starts with the right tools and detecting critical pieces of information,” says Barnhardt.

There are a lot of valid requests for changes in payment, which makes it easy for scammers to sneak their requests in without raising any red flags. Given the degree of sophistication used, it can be very difficult for employees to recognize the scams. Companies risk falling victim to scammers if they don’t take the time to evaluate all requests thoroughly by verifying three critical pieces of information:

  • Verify the incoming address or phone numbers, depending on the method of contact.

Verifying the source of the email or phoned-in request can be as easy as picking up the phone and calling a verified phone number that you can look up in real time.

  • Verify payment account information on every single payment.

“Robust account validation goes beyond simply confirming if an account is open and valid,” explained Barnhardt, “businesses need to be able to run all their payments against a stricter validation process, which includes the status of the account, the account ownership, is this account in your customer’s account, or are those signers authorized to transact on that account.”

  • Verify the identity of the person and company that is requesting the change.

This includes checking identity records on the business including name, address, phone number, email address domain and then verifying that the specific email address is a valid corporate address.

Having the right tools in place to verify information is a critical component of fraud prevention. GIACT provides the proper tools for verification along with their expertise in fraud prevention to help assess and improve security within a company. Beyond training employees to be on the lookout for suspicious activity, Barnhardt suggested “white hat testing” wherein an ethical hacker is hired by the company to try to find weaknesses and improve security to protect the company.

Account Verification

GIACT’s account verification process is fast and efficient. Users send a routing transit account number, name, and address for the account. GIACT reaches out to the financial institution in real time to validate that the account is in fact open and that it does indeed belong to the person or company with whom the user intends to conduct business.

The financial institution checks to see if the information provided matches their records and returns a simple yes or no response. In the event that the information given is not a match, they will not give any indication of the correct information so as to eliminate the possibility of enabling fraud.

Accounting departments use this tool for both accounts receivable and accounts payable. Accounts receivable verifies payment accounts when setting them up or when debiting the account for goods sold. When debiting consumer accounts, businesses want to make sure that the account is open, valid, and that their customer is an authorized user on the account to prevent unauthorized returns. On the payables side, accounts are verified before payments are sent.

It would be difficult, but not impossible, for fraudsters to get past the account verification process. They would need to open their own account in the name of the company they were using to divert funds. Barnhardt recommends “using the other tools and services like email validation identity, which encompasses phone numbers, to be able to round out the picture, but,” he adds “account validation certainly goes a very long way. It is probably the number one product that is used by the businesses that have controllers that are continuously setting up new payments or changing payments.”

The Takeaway

Remote working conditions have left many vulnerable to fraud. The lack of security, internal controls, and oversight has resulted in a rise in business email compromise attacks. With an increase in remote workers, companies need to be even more rigorous in verifying transactions. Adding account verification processes will help prevent losses and protect customers.

Tags: BEC, Coronavirus, Fraud Prevention, GIACT, Podcast, remote employees