Common Business Fraud
Business Email Compromise
- A business email account is taken over and used to send an email that appears legitimate. The email requests a change to payment details and/or account information, followed by an urgent payment.
Check Fraud
- The deposit account number is compromised and then used to create fake checks bearing the business account number.
- Checks are stolen from mailboxes, altered and processed.
CEO Fraud a.k.a. Whaling/Whale Phishing
- Criminals target executives in the business. The high-level employee then appears to be requesting that payments be sent, and because of their seniority, other employees act without questioning the request.
Social Engineering
- Numerous methods are used to trick employees into giving up control of their devices or sharing information that can later be used against the business to commit fraud.
Payroll Diversion
- Human resources receives an email from a compromised email address. The email asks for direct deposit (payment) information to be updated, and future payroll is sent to a fraudulent account.
Best Practices to Prevent Fraud
- Continue fraud and scam conversations at meetings, and routinely train employees on fraud and scam red flags.
- Maintain strict procedures for verbal verification of all payments, invoices, and account changes.
- Do not have one employee responsible for everything. Keeping tasks separate will assist in identifying fraud earlier.
- Use check and ACH positive pay if available through the financial institutions you use.
- Use digital banking to review accounts daily.
- Review fraud controls with all vendors that are active in your business.
- Enforce separation of tasks in processes at your business. Do not have one employee doing all transactions and reconciliation tasks.
- Verify all payments and transactions verbally each time. Have a process in place to urgently address any discrepancies.
- Review transactions in a timely manner; best practice is each day. This allows the business to report to the financial institution quickly, for the best possible recovery opportunity.
- Secure account numbers, the EIN, and any other “number” that could be used against the business to commit financial crime.
- Have an IT cyber security expert available to consult when the need arises.
- Minimize the amount of paper your business uses. Any paper trail of account information creates a risk.
- Move to as many digital payment options as are available. Minimize use of paper checks.
What to Do When Fraud Happens
- Secure accounts and information immediately.
- Contact your Financial Institution urgently. Each moment counts when attempting to stop fraud and recover losses.
- Your Financial Institution can assist in the next steps, which often will include:
  - Reporting the incident to law enforcement.
  - Reporting to FTC, IC3.gov, and others.
- When the fraud incident is secure and under control, review current business practices and ensure the risk for future events is mitigated.
Fraud Resources for Businesses
Federal Trade Commission
If you’re ever concerned about a phone call, email, or text that looks like it’s from First Bank & Trust, don’t provide any information.
Instead, contact us immediately.
Call us toll-free at 800.843.1552 or send us a message in Digital Banking.
If you prefer a face-to-face conversation, visit us at your nearest First Bank & Trust location.