Cyber security and crime concept

Protect Your Small Business From Cyberthieves

November 16, 2020

As the owner of a small business, day-to-day operations keep you busy. Whether you’re attending to your customers’ needs or planning a new product launch, cybercriminals count on these and other necessary tasks to distract you from noticing their nefarious activities. Fortunately, you can protect your business from falling victim to cybertheft — including business wire fraud — by taking a few simple steps.

What Is Cybertheft?

Cybertheft occurs when financial or personal information is stolen through electronic means via the internet. The victim’s information can be used in many ways, including withdrawing funds from bank accounts or even creating a new identity. While there are a myriad of ways the information can be used, the basic idea is that the perpetrator uses the data to initiate unauthorized financial transactions. Business wire fraud is one form of cybertheft.

What Is Business Wire Fraud?

Business wire fraud occurs when someone uses false information to intercept a bank wire transfer. The scheme usually begins with a fake notification about a change in transaction details. It ends with the thief redirecting the funds from that transaction into an account they’ve set up for the scam, then disappearing before you realize what’s happened.

In both business wire fraud and other forms of cybertheft, fraudsters typically use phishing and spoofing techniques to access their victims’ email accounts, online accounts, and internal processing systems.

Business Email Compromise and Wire Fraud

Combine business wire fraud and cybertheft of email account information, and you have a scheme known as business email compromise. It usually starts with someone hacking into your company’s email system and monitoring activity. Fraudsters are looking for key personnel to be out of the office so they can make their move.

When they’re ready to pounce, they will find their target – usually a lower-level employee. Then, using an email address that impersonates the email of the high-ranking company executive who is out of the office, the fraudster pressures the target to pay an updated vendor or supplier invoice that appears to be past due.

The employee pays the invoice, believing that they’re following instructions from their superior. They don’t realize that the direct deposit bank account details are false. If the employee attempts to verify information online, they might encounter a dummy website that convinces them that the request is legitimate.

Prevent Business Wire Fraud

Cybercriminals are able to take advantage of unsuspecting business owners and their employees since many are unaware of this growing scam. Don’t make it easy for hackers to access your private information. Once they gain access to your system, they can go undetected for months before you realize something’s wrong. Shield your business from financial loss by taking these steps to keep confidential information and your account funds out of the hands of thieves:

  • Sign up for two-factor authentication with every service or website you use that offers it.
  • Accept automatic updates from your computer and other electronic devices that safeguard your system.
  • Set transaction limits on withdrawals and transfer amounts.
  • Carefully review your bank account online regularly and your bank statement once a month.
  • Avoid giving hackers easy access to your systems by skipping public Wi-Fi; use a virtual private network (VPN) instead.
  • Change passwords on business email accounts every 60 days, and always use strong passwords.
  • Lock your computer anytime you step away from your desk.
  • Exercise dual control so that no single person has complete control of your finances.
  • Follow up on all wire transactions with a phone call, especially if changes are requested. Voice verification with the vendor or customer to identify any discrepancies in the details of the requested transaction is always advised.
  • Require staff to verify any changes to vendor payments with management before processing.
  • Ensure your team follows these and other internal security measures.

Slow down and take time to monitor and question all urgent transaction requests. The extra effort could be worth it. If you suspect someone has tried to fraudulently access your ENB account, contact us immediately at (877) 773-6605.