What you should know about business email fraud and online fraud.
Hackers perpetrate scams in many ways. A common way is to send a fraudulent email that appears to come from a known source (an executive of your company or a client, for example) requesting bank transactions or other financial information. Hackers can also fabricate or steal an email address and use it to invite you to click on a link to a bogus website. If you follow a fraudster's emailed instructions or provide confidential information, such as your user ID, password, account number, or tax ID number, then online fraud can take place, potentially putting you and your company at risk.
By proactively enhancing your company’s security, you can reduce the risk of email fraud and online fraud and minimize threats.
Safeguard your company’s online access and password.
- Create passwords that are not easily guessed. Avoid using personal information, such as your last name or birthday.
- Use different user IDs and passwords for different websites.
- Don’t record or save passwords, IDs, or other sensitive information on your computer.
- Don’t share your passwords or other login credentials with anyone.
- Don’t share company user IDs. Each user must have a unique user ID and password.
- Remind users to change their passwords frequently.
- Log out or lock your computer when you are away from your workstation.
- Avoid using automatic login features that save usernames and passwords for online banking.
- Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may have been installed to capture account numbers and sign-on information, leaving you vulnerable to possible fraud.
Maintain internal controls and policies.
Maintain appropriate internal controls, including segregation of duties, and periodically review them. For example, require one user to set up or initiate payments and another to approve the payments. Make sure to delete user profiles that no longer need access.
- When approving transactions, carefully review all details, paying close attention to the beneficiary routing number and account number.
- Set up customized account alerts, like balance minimums, through online banking, so you know when certain account activity takes place.
- Do not approve transactions in batches; review and approve each one individually.
- If you initiate ACH and wire transfer payments, do so under dual control, with a transaction originator and a separate transaction authorizer.
- Verify payment or change requests with the vendor. You could receive a fraudulent email disguised as coming from a known vendor. If a payment is made on that basis, the funds are sent to the fraudster instead of the intended vendor.
- Review and reconcile banking transactions daily.
- Perform periodic risk assessments of the banking products/services your company uses, including regular reviews of user access levels, dollar limits and activity.