New and rising fraud threats
As technology advances, it is easier for companies to digitize their payments and financial tasks. Unfortunately, that means new opportunities for enterprising fraud criminals. External threats are still the primary fraud source; however, more than two-thirds of external fraud is conducted by “frenemies” – those vendors, suppliers and other businesses with whom you have a working relationship. These threats can materialize directly through a "frenemy's" illegal actions or as a result of a trusted vendor being manipulated by an outside fraudster. The threat from non-related cyber criminals is also on the rise, as fraud-as-a-service (underground fraud hosting services purchased as a subscription or for flat-rate fees) continues to proliferate with the rapid sharing and sale of information through underground channels. The fraud threat doesn’t end with payments. Simple but lucrative social engineering attacks, such as phishing and ransomware along with more sophisticated data breaches and account takeovers, require vigilance. The good news is that technologies that protect against these increasingly frequent schemes are more common and more sophisticated. The bad news is that fraud criminals are innovating faster in the development and deployment of scams than countermeasures are being purchased and deployed by businesses.
Business email compromise (BEC)
Spoofed emails have become one of the most prevalent schemes used to hack into a business, accounting for a 136% increase in global dollar losses in less than two years. Criminals study a top executive’s email behavior, and with access to company directories, online calendars and email schedules, create an email that closely mimics the language and style of the executive. They send an email instructing a subordinate to wire transfer money to a certain account – at a time when the “real” executive is in a meeting, traveling or simply unable to be contacted to confirm the instructions. For help combatting BEC, visit the Fraud Protection section of the SunTrust Resource Center.
Business identity theft
Consumer identity theft often takes center stage when breaches occur, but business identity theft is increasing at an astonishing rate – 46 percent year over year during 20174 – becoming an ongoing and growing concern for companies of all sizes. Fraud criminals steal company information, such as Employer Identification Number (EIN) and other identifying data, to commit a variety of financial, tax, website or trademark frauds. Most common are schemes to open card accounts, initiate wire transfers and commit tax fraud in the company’s name. Increased awareness, strong internal controls and vigilance in accounts review can help minimize identity theft. Conducting a risk assessment with your company's auditor, accounting or advisory firm can help identify weaknesses as well as point out the best ways to mitigate them.
Like business identity fraud, synthetic fraud combines real information, often stolen EIN or other business identifiers, and falsified information to create a completely new company identity. Harder to find and trace than business ID fraud, this new “synthetic” company can conduct many fraudulent activities, including becoming a guarantor for loans or lines of credit, before disappearing with its ill-gotten funds, leaving the unsuspecting company with the ensuing debt/liability. The SunTrust Resource Center Fraud Protection section provides additional strategies to fight fraud.
Get our Fraud Protection Strategies report that addresses fraud sources, new and rising threats, and fraud prevention.
1 Pulling Fraud out of the Shadows, Global Economic Crime and Fraud Survey 2018, PricewaterhouseCoopers (PwC)
2 “Business E-mail Compromise, The 12 Billion Dollar Scam,” January 2018, Federal Bureau of Investigation
3 2019 AFP Payments Fraud and Control Survey Report, Association for Financial Professionals (AFP)
4 Business Identity Theft in the U.S., 2018 Report, The National Cybersecurity Society (NCSS)