Enterprise Bank & Trust
The Billion Dollar Scheme

September 27, 2017

Chris A. McCulloch, CFE, Senior Vice President, Corporate Security Officer at Enterprise Bank & Trust

Over the past month we have seen vulnerability. The Equifax breach that affects over 143 million individuals is not to be taken lightly. The impact will continue to unfold, and Americans will be on high alert about how to protect themselves moving forward and might ponder what they can do in the future to prevent fraud. There are ten practical steps that you can take to help protect yourself from fraud.

The recent breach sheds light on fraud in general. It’s a multi-billion-dollar scheme and continues to grow as fraudulent activity becomes more advanced and embedded into your company. An Association of Certified Fraud Examiners study estimates that typical organizations lose a median of 5 percent of revenues annually due to fraud. They also found that companies with fewer than 100 employees are particularly vulnerable because they are less likely to implement anti-fraud controls that can detect fraud sooner.

We often think of fraud as a large-scale hacking effort. Stolen information is a serious threat that should not be taken lightly, but fraud happens more often internally, with associates who are duped into transferring money into a fraudulent account. This is known as business email compromise (BEC), and we have seen more BEC cases in 2017 than in prior years.

How does BEC unfold?

A typical scenario is a hacker taking over an email account and asking for a transfer of money. The request appears to be legitimate because it appears to come from a known vendor or senior manager. The associate then willingly transfers money to an account that does not belong to the vendor or manager, but is instead a fraudulent account.

How can you protect yourself?

The U.S. Federal Bureau of Investigation (FBI) has issued a warning to businesses on the fastest growing scam. According to the FBI, there was a 2,370% increase from 2015 to 2016 in documented BEC cases. “The best way to avoid being exploited is to verify the authenticity of requests to send money by walking into the CEO’s office or speaking to him or her directly on the phone,” said Special Agent Martin Licciardo. “Don’t rely on e-mail alone.”

Here are other methods, recommended by the FBI, that businesses have employed to safeguard against BEC:

  • Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail. For example, legitimate e-mail of abc_company.com would flag fraudulent e-mail of abc-company.com.
  • Create an e-mail rule to flag e-mail communications where the “reply” e-mail address is different from the “from” e-mail address shown.
  • Color code virtual correspondence so e-mails from employee/internal accounts are one color and e-mails from non-employee/external accounts are another.
  • Verify changes in vendor payment location by adding additional two-factor authentication such as having secondary sign-off by company personnel.
  • Confirm requests for transfers of funds by using phone verification as part of a two-factor authentication; use previously known numbers, not the numbers provided in the e-mail request.
  • Carefully scrutinize all e-mail requests for transfer of funds to determine if the requests are out of the ordinary.
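
The first two rules in the list above (look-alike sender domains and a reply address that differs from the "from" address) can be checked on message headers. The sketch below is an added example, not code from the FBI or Enterprise Bank & Trust; the function names, the edit-distance threshold of 2, and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "abc_company.com"  # the article's example of a legitimate domain

def address_of(header_value):
    """Bare, lower-cased address from a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].lower()

def edit_distance(a, b):
    """Levenshtein distance between two strings (two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw_message, company_domain=COMPANY_DOMAIN, max_distance=2):
    """Return the list of rule names that a raw RFC 5322 message trips."""
    msg = message_from_string(raw_message)
    sender = address_of(msg.get("From"))
    reply_to = address_of(msg.get("Reply-To"))
    flags = []
    # Rule 1: a domain close to, but not equal to, the company domain.
    for addr in (sender, reply_to):
        domain = addr.rpartition("@")[2]
        if domain and domain != company_domain \
                and edit_distance(domain, company_domain) <= max_distance:
            flags.append("lookalike-domain")
            break
    # Rule 2: replies would go somewhere other than the displayed sender.
    if reply_to and reply_to != sender:
        flags.append("reply-to-mismatch")
    return flags

# Constructed sample messages (not real traffic).
SAMPLES = {
    "internal": "From: Pat <pat@abc_company.com>\nSubject: Q3 report\n\nAttached.",
    "lookalike": "From: Pat <pat@abc-company.com>\nSubject: Wire today\n\nUrgent.",
    "reply_swap": "From: Pat <pat@abc_company.com>\nReply-To: pat@mailbox.example\n"
                  "Subject: New bank details\n\nPlease update.",
    "vendor": "From: Billing <billing@vendor.example>\nSubject: Invoice\n\nThanks.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:11s} {bec_flags(raw)}")
```

A flag here means the message should be held for the phone verification described in the list, not that it is proven fraudulent; a request sent from a genuinely taken-over mailbox trips neither rule.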

Other fraudulent activities that occur regularly are counterfeit checks, fraudulent ACH, wire transactions, and stolen checks. A great way to reduce the burden on your company is to arm yourself with various protection tools that your bank and insurance company can provide. These security solutions include positive pay, debit filter, and fraud liability insurance.

And don’t forget that even if you recoup your money, you will lose a lot of time dealing with legal matters, including court time, testimony, and documentation. Our blog offers much more on fraud prevention, including "Identifying the Top 4 Types of Fraud," "8 Steps to Prevent Small Business Fraud" and "Business Owner's Guide to ACH Fraud Prevention."

The bottom line? Fraud will continually be a threat to a company’s viability. As I finish writing this blog today, the financial industry is learning about a new fraud scheme involving text messaging. Fraud will continue to take on various forms and the schemes will try to manifest into our normal work responsibilities. It’s important to implement best practices and protection tools to eliminate the risk.

