2020 was a peak year for fraud. The Federal Trade Commission recently reported they received more than 2.1 million fraud reports from consumers in 2020. The consequence was a reported $3.3 billion during the year, an astronomical increase from just $1.8 billion in 2019. Fraud can also impact identity and brand reputation as well as create unnecessary stress. In this episode of CoBank’s Fraud Wise, learn about the consequences of fraud and how to protect yourself and your business from becoming a victim.

CoBank’s Fraud Wise helps you avoid becoming a victim of fraud. In this episode, they will be talking about malware, or malicious software, that’s installed on a victim’s computer without their knowledge and with the intent of doing them harm.

Able Company experienced a cyber-account takeover committed through malicious software installed on their computers when the perpetrator hijacked the customer’s online banking system session. The malicious software was able to obtain session credentials for creating and approving templates and wires, because the same computer was used by two separate users to approve both the template and the transaction. During the hijacked session the perpetrator created several wire templates and originated multiple wire transactions totaling millions of dollars.

One of the most successful fraud techniques targeting businesses today is known as the “CEO Email Scam.” The scammer effectively impersonates a company’s CEO or other high-level executive by gaining access to or “spoofing” his or her email account, and requesting a wire transfer. According to the FBI, over 7,000 U.S. businesses fell prey to this scam, netting criminals an estimated $747 million. The scam has been reported in all 50 states and in 79 countries.

One of the oldest and yet more prevalent scams today is check fraud. According to the American Bankers Association, 1.2 million fraudulent checks enter the banking system every day. Even though check use is declining as more payments become electronic, losses to check fraud are growing at a rate of 2.5 percent a year. Also, 77 percent of business respondents to a survey by the Association for Financial Professionals reported they had experienced check fraud. Check fraud unfortunately is alive and well, and remains one of the easiest, and therefore most common, financial fraud methods in use today.

Savvy Bank started receiving calls from consumers and banks that had received checks appearing to be from Proactive Company, which is a legitimate Savvy Bank customer. The checks were counterfeit and were being sent to consumers as payment for goods being sold on an online auction site. The checks were printed for amounts significantly higher than the price of the goods being purchased and usually arrived via overnight mail with instructions to deposit the checks and send a portion of the difference to a third party, minus an “inconvenience fee,” via a retail money transfer service.

As part of our continuing commitment to our customers’ security, this article on payments fraud deviates from fraud schemes that affect businesses to those that prey on consumers. Business and consumer fraud schemes share many of the same characteristics, so being aware of the techniques used to defraud consumers can also help you identify those targeted at businesses.

One of the common ways that fraudsters commit these scams is through cyber account takeover – the ability to take control of an online account by stealing a user’s login credentials or hijacking an online session. Once in control of an account, a fraudster steals funds by initiating outgoing wires or ACH transactions, which can be extremely difficult – if not impossible – to recover if not identified timely.

This article covers Email Account Breaches, which are one of the most common ways for fraudsters to launch impersonation scams, obtain confidential information or insert harmful software onto a victim’s computer that will serve as the basis for many other types of fraud scams. 

Fraud scams affecting U.S. businesses show no signs of going away. According to the FBI’s Internet Crime Complaint Center (IC3), schemes compromising business and personal email accounts were responsible for more than $360 million in business losses in 2016. More than 12,000 U.S. businesses fell victim to these schemes, accounting for the highest losses among all cybercrimes tracked by IC3.

This is the sixth in our series of quarterly emails on payments fraud, which continues to plague financial institutions and businesses at an alarming rate. According to the 2016 Payments Fraud and Control Survey conducted by the Association for Financial Professionals, 73 percent of companies surveyed were targets of payments fraud in 2015. Regardless of what you do, the size of your business or where it is located, payments fraud can affect you.

A highly successful and prevalent scam in use today is Vendor/Invoice Fraud. These scams are similar to the CEO Email Scam we covered in Fraud Tip #1, in that they rely on “social engineering” – manipulating a person into doing something. They also depend heavily on the scammer’s email hacking and research skills to become familiar with the targeted company.

Paragon Company experienced a business email compromise fraud attack. Employees at the company received emails purportedly from their vendor, Alert Corporation, requesting a change to their bank account information. Employees at Paragon Company complied with the email requests without calling the vendor to verbally confirm the new payment instructions and originated a large-dollar wire transfer to the vendor at the unconfirmed account.