Each October, National Cybersecurity Awareness Month challenges business owners and financial managers to focus more intently on preventing the payments fraud losses and reputational damage that can be caused by cyberattacks.
When you consider the size and nature of the threat — being a cyberfraud victim can literally put a company out of business — that’s a challenge every organization ought to accept.
About three-quarters of companies were targets of attempted or actual payments fraud attacks last year, according to the annual Payments Fraud and Control Survey conducted by the Association for Financial Professionals (AFP). Nearly one-third of respondents reported an increase in payments fraud over the previous year.
So what should you focus on this month — and going forward — to better manage cyberfraud risk? Start by keeping informed on which scams are producing most of the losses and financial pain, and the best strategies for protecting your organizations against those forms of fraud.
As a bank committed to helping clients prosper, we make it our business to keep our fingers on the pulse of cyberfraud trends — and to keep you updated. Here’s what we’re seeing:
Sophisticated Criminals, Evolving Scams
Cyberfraud has become an industry. Criminal enterprises are organized like corporations, and each year the bad guys get more sophisticated and the scams more difficult to combat.
One of the biggest threats remains business email compromise (BEC) attacks, often in the form of deceptive emails to Accounts Payable personnel. In the AFP survey, nearly two-thirds of respondents said BEC was the primary source of fraud attacks at their organizations. The three most prevalent forms they reported are:
- Emails from third parties that request changes to payments instructions, such as sending payments to a different bank.
- Emails from fraudsters posing as senior executives that direct finance personnel to transfer funds to fraudsters’ accounts.
- Emails from fraudsters impersonating vendors that direct transfers based on real invoices to the fraudsters’ accounts.
The potential for BEC fraud has grown since the pandemic, AFP says, as the many employees who now work remotely sometimes find it more challenging to verify an email’s authenticity.
Another dangerous scam is ransomware. Fraudsters introduce a virus into your systems, encrypt all of your critical business files and demand you pay a ransom to regain access to them. Recent highly publicized ransomware attacks have highlighted the growing threat to businesses of all sizes. Ransoms can be exorbitant, and with these attacks you also run the risk of incurring reputational damage if your customers’ data is breached.
Create an Employee Firewall
The best prevention strategy, most experts say, is training and educating your employees to spot fraud attempts. This is sometimes referred to as creating an “employee firewall.”
Hancock Whitney offers many products that can help in the fight against cyber fraud. Talk to your banker about how those products can protect your check, ACH and wire transactions. But ultimately, your best chance in warding off cyberattacks is to have employees who know the red flags that can alert them to fraud, and who consistently take preventive actions such as properly verifying emailed payment instructions, securing their mobile devices against unauthorized access and using complex passwords.
A Resource for Information, Fraud Solutions
Our mission is to help companies stay on track to achieve their business goals. One way we do that is by providing clients with information and solutions to help them prevent fraud.
Every company should have a cybersecurity plan that emphasizes educating and training employees to spot the newest scams and to use best practices in defeating payments fraud. To learn more, visit our Cybersecurity Awareness web page.
Additionally, if you'd like more information about best practices or how our fraud prevention solutions can support your plan, complete the form below and a Hancock Whitney banker or Treasury Services specialist will contact you to discuss your cybersecurity awareness plan.