As fraud schemes continue to target businesses, nonprofit organizations, government and other public sector organizations, the FBI continues to monitor business email compromise, vendor impersonation fraud, payroll impersonation fraud and mortgage closing scams. From 2014 to 2018, the FBI's Internet Crime Complaint Center received 1.5 million complaints citing losses of $7.45 billion. Learn what each of these fraud schemes is, how fraudsters gain access to your information, and how to avoid being a victim.

Business Email Compromise 

In Business Email Compromise, business email accounts are compromised or impersonated, and used to request the transfer of funds. The fraudster will monitor an employee's business email account for different patterns, contacts and information, such as "out of office" messages or information from the employee's social media accounts. Using this information, the fraudster will wait until the officer is away from their email account, then use the compromised email account to send payment instructions.

Avoid Being a Victim:
  1. Train employees to recognize and question changes in payment instructions, requests for secrecy, or pressure to act quickly
  2. Never provide passwords, usernames, authentication credentials or account information when contacted
  3. Use a company domain for business emails; avoid free web-based email accounts
  4. Consider registering domains that closely resemble the company's actual domain to make impersonation more difficult
  5. Don't provide nonpublic business information on social media 

Vendor Impersonation Fraud

Vendor Impersonation Fraud occurs when a business, such as a public sector or government agency, receives an unsolicited request from a fraudster acting as a valid contractor to update payment information for that contractor. Oftentimes, the new payment information could be new routing and account information for ACH or wire payments, or a request to change the payment method from check to ACH or wire payment, for example. Any business can fall victim to this sort of fraud scheme, but public sector entities are especially targeted because their contracting information is often public record. 

Avoid Being a Victim:
  1. Do not ignore calls from a financial institution questioning the legitimacy of a payment 
  2. Authenticate requests to make a payment, change payment information, or change the method of communication before taking any action
  3. Make vendor payment forms available only via secure means or to known entities 
  4. Require changes to payment information to be made or confirmed by site administrators, and use methods like verification codes to existing contacts
  5. Do not "reply" when authenticating emails with payment requests; instead, "forward" the email and type the correct email address or select from a known address book

Payroll Impersonation Fraud

Payroll Impersonation Fraud occurs when fraudsters target employees by asking them to update or confirm payroll information via a fake payroll platform that looks similar to their employer's actual payroll platform. The fraudster could ask the employee to view a confidential email from the Human Resources department or Payroll department, view changes on the employee's account, or confirm that the payroll account shouldn't be deleted. When the employee logs in from a link or attachment in the fraudster's email, the fraudster will use the employee's stolen credentials to change the employee's payroll information in the real payroll system.

Avoid Being a Victim: 
  1. Employees should not enter login credentials when clicking on a link or opening an attachment in an email 
  2. Check that the actual sender email address comes from their employer or payroll service provider rather than looking at the subject of the email first 
  3. Do not reply to suspicious emails; instead, forward them to your company's security contact
  4. Set up alerts on self-service platforms for administrators so any unusual activity is caught before money is lost
  5. Employers should reauthenticate users accessing the system from unrecognized devices using previously known contact information
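
The sender-address check in the list above, together with the look-alike domain concern in the Business Email Compromise list, can be automated at a mail gateway or in a reporting tool. The following Python is an added example, not part of the original article; the domains `acme-corp.example` and `payroll-vendor.example`, the webmail list and the distance threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed values: acme-corp.example stands in for the employer's domain and
# payroll-vendor.example for its payroll service provider.
TRUSTED_DOMAINS = {"acme-corp.example", "payroll-vendor.example"}
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Characters often swapped to make a domain look like another one.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
MAX_DISTANCE = 2  # assumed threshold; tune it to avoid flagging real partners


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(domain):
    """Fold visual look-alikes so 'acme-c0rp' and 'acrne-corp' match 'acme-corp'."""
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def classify_sender(from_header):
    """Return (verdict, domain) from the address itself, ignoring the display name."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("unparseable", "")
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for good in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(good):
            return ("lookalike", domain)
        if edit_distance(domain, good) <= MAX_DISTANCE:
            return ("lookalike", domain)
    if domain in FREE_WEBMAIL:
        return ("free-webmail", domain)
    return ("external", domain)
```

A "lookalike" or "free-webmail" verdict on a message that asks for credentials or a payment change is a reason to route it to the company's security contact rather than act on it.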

Mortgage Closing Scams

Mortgage Closing Scams occur when a fraudster gains knowledge of a real estate transaction, and impersonates one of the parties to redirect funds to a fraudulent account at or close to the transaction settlement. Fraudsters will often use malware to gain access to email accounts, and monitor an email account to identify a target. The fraudster will then impersonate one of the parties in the transaction to provide new payment instructions to direct funds to an account controlled by the fraudster. Recent FBI statistics show approximately 100 mortgage closing scams are successful and create losses of over $9 million every month. 

Avoid Being a Victim: 
  1. Make real estate brokerages and title companies aware of this type of fraud, and consider using code phrases only known to the parties in the transaction
  2. Educate your real estate customers about this type of scheme, and establish procedures that require verification of payment type and account information before funds are disbursed
  3. As a consumer, be skeptical of emails containing changes to payment instructions
  4. Verify all emails and phone calls, especially if revised or new payment instructions or change of communication method are provided
  5. Don't click links provided in emails or send sensitive information via email; check with your representative to verify they sent the email



Cindy Moyle

Cindy is a Senior Vice President/Information Technology and Operations Director for Heartland Bank. She graduated with a Bachelor of Science in Computer Science from the University of Nebraska-Lincoln. Outside of the bank, Cindy enjoys spending time with her family and going to garage sales and flea markets.
