The typical business loses 5 percent of its annual revenue to fraud, according to the Association of Certified Fraud Examiners. Financial statement fraud causes the greatest median loss, with an average of $975,000 per scheme.
As a financial institution concerned with protecting our customers from scams, we bring experience in identifying scams and preventing being taken in by them. The following are the three top scams circulating in Arizona and actions businesses can take to protect against them.
Phishing or spoofing is the most common type of online fraud. A fraudster obtains email addresses of a business’s employees and sends out an email that appears to be from that business’s financial institution. These emails threaten to close accounts or claim that the business’s financial information has been compromised. The fraudster’s goal is to make an employee act quickly without thinking about what he is doing. The email directs the employee to a website through a link in the email that leads to what looks like the institution’s website — but is actually a well-constructed fake. Once there, the employee is asked to provide confidential information, such as a business account number, password, credit card number, PIN or other confidential information.
A business should advise all its employees to never click on links in any email that looks suspicious. They can use their mouse to hover over a link to detect the true website URL, which can be useful in distinguishing a legitimate site from a fake one. The business should contact its financial institution directly by phone or through its official website link if there are any questions or concerns about the content of emails any of its employees receive.
Vishing (Voice Phishing) is a form a fraud that attempts to get personal information about a company through phone calls to its employees. A fraudster will use a social site such as LinkedIn to learn who works in an office, then use the business’s general phone number to contact them. The caller will claim to be from the business’s financial institution and needs company information, such as credit card numbers, personal identification numbers (PINs), bank account numbers, Social Security numbers or other confidential information. Sometimes, the call will be an automated recording requesting personal information; other times, it may be a live caller. They will often claim that the business’s accounts are suspended or payments are overdue to scare the employee and cause him to act without thinking.
It is important to remember that a financial institution will never ask for personal information by phone or through email. A business should not give out any information over the phone to unknown callers. Instead, it should contact its financial institution or credit card company directly to verify the validity of the message and any action required.
Certified Check Fraud
Fraudulent certified checks are a growing concern in Arizona. Fraudsters will obtain a real check from a financial institution and make their own version that looks similar to the real thing. They will then attempt to make a purchase with the fraudulent check. Often, they will make it out for more than the cost of the item they’re buying and ask for the difference in cash. Once a business deposits the check, its financial institution notifies the business of the fraud and that company is responsible to return the money to the bank.
The best way a business can avoid this scheme is to call the issuing bank and verify the validity of the cashier check before accepting it as payment.
Being aware of these business scams in Arizona is businesses’ first line of defense against these types of fraud. It’s always worth the expense and effort to take the necessary steps to prevent fraud before it happens. That enables business owners to channel their profits into building their business instead of paying for the aftereffects of a scam.
Robert Gibboni is the senior vice president of Risk Management at OneAZCredit Union.