Business Fraud Prevention

Having a business mentor is generally a great idea, especially if you know them and have met face-to-face. Fraudsters have begun preying on these business-mentor relationships through business coaching scams. Scammers often sell coaching products that promise to “guide your business to making millions!” In reality, the fraudsters leave subscribers without help and in the hole financially.

Read more from the FTC at https://www.ftc.gov/business-guidance/resources/scams-your-small-business-guide-business. 

Fraudsters love to pose as entities of authority as a fear tactic to get personal or business information and money. Some common entities that scammers try to pretend to be include:

• A utility company saying your gas, electric, or water service is about to be interrupted because of a (fake) late bill.
• A government agent threatening to suspend your business licenses, fine you, or even sue you.
• A resource trying to convince you to buy workplace compliance posters.A business grant program from the government that doesn’t exist.
• The U.S. Patent and Trademark Office saying that you’ll lose your trademark if you don’t pay a fee immediately.
• A tech company threatening that your business will lose its website URL if you don’t pay immediately.

Read More at https://www.ftc.gov/business-guidance/resources/scams-your-small-business-guide-business.

Are you unsatisfied with your current star rating on Google, Bing, or other platform? If so, make sure you don’t fall for online review scams.

“Some scammers claim they can replace negative reviews of your product or service, add positive reviews, or boost your scores on ratings sites. However, posting fake reviews is illegal. FTC guidelines say endorsements — including reviews — must reflect the honest opinions and experiences of the endorser.”

Read More at https://www.ftc.gov/business-guidance/resources/scams-your-small-business-guide-business.

Scammers are becoming increasingly sophisticated in their techniques, mimicking the appearance of legitimate invoices. If you receive a suspicious invoice, pause for a moment and scrutinize the details. Look for any discrepancies, such as different banking account details than your typical vendor, unusual item descriptions, unfamiliar service providers, or unexpected charges. Trust your gut—if something doesn't feel right, it's worth investigating further.

Read more at https://www.southside.com/blog/post/invoice-scam/.

Email account compromise (EAC) is a form of fraud perpetrated on consumers and businesses in an attempt to get you to send funds transfers, ACH transfers and/or check payments. Email account compromise perpetrated on business customers is known as Business Email Compromise or BEC.

The fraudsters find their targets primarily through social media, publicly available company email accounts or social engineering. After the email addresses are harvested, a series of phishing or malware attacks are sent hoping a recipient will click on a hyperlink or open an infected attachment that will allow control of the email account.

If successful, the criminals will divert email conversations so that they are in total control without the victim knowing. They gain access to past email history and the victim’s contacts and customers.  For BEC schemes they will target higher level employees within an organization that have funds transfer authority. They will send instructions from the compromised email address to send funds transfers, change payroll account numbers, create new ACH and Bill Pay recipients, or request cashier checks. 

How can I protect myself?

• Use caution when opening emails and clicking on (or even hovering over) any links that come from unknown sources.
• Use strong passwords and change them often.
• Do not click on “Remember Me” or save your passwords on websites
• Utilize multifactor authentication
• Visit websites that you know and trust
• Use caution on public Wi-Fi

Additional Resources

Stay up-to-date on current email compromise fraud trends at https://www.fbi.gov/BEC.

There are many ways a business can see fraudulent activity, but one of the faster growing methods is via online banking. Corporate Account Takeover (CATO) is a form of corporate identity theft where cyber thieves gain control of a business’ bank account by stealing employee passwords and other valid credentials. Thieves can then initiate fraudulent wire and ACH transactions to accounts they control. Businesses with limited or no internal computer safeguards and disbursement controls for use with the bank’s online banking system are vulnerable to theft when cyber thieves gain access to their computer systems, typically through malicious software (malware). Malware infects a business’ computer system, not just through ‘infected’ documents attached to an email, but also simply when an infected website is visited. Businesses across the United States have suffered large financial losses over the last few years from electronic crimes through the banking system.  Southside Bank has established safeguards to help the bank identify and prevent unauthorized access to your account; however, a shared responsibility between the bank and customer is the most effective way to prevent CATO.

Consider these tips:

• Ensure all business networks/computers are frequently updated with current anti-virus software and firewalls.
• Use caution when opening emails and clicking on (or even hovering over) any links that come from unknown sources. Simply navigating to a page or hovering over a link can potentially infect your machine.
• Use strong passwords and change them often.
• Pay attention to alert emails sent from the bank as they are there to notify you of unusual activity regarding your online profile. (i.e., new recipient added to payroll, password change, etc.)
• Contact us if you have not received your Security Token for use when submitting ACH/Wire transfers.

Southside will continue to monitor online activity closely and appreciates all of the efforts of our customers in preventing online Cyber Crime. Please don’t hesitate to contact us with any questions regarding Corporate Account Takeover as well as any other security issue.

"Phishing" - What is it?

Phishing is a form of criminal activity where individuals pose as legitimate entities to try to obtain or "fish" for personal information.

How does it work?

Individuals masquerade as legitimate companies and send what looks to be an official email, instant message, or fax requesting you "update" or "verify" credit card numbers, bank account information, Social Security numbers, passwords, and any other sensitive information. They will establish what financial institution you are affiliated with and send an official looking email from your bank to get account information.

"Pharming" - What is it?

Pharming is a criminal activity where a website's information is acquired and traffic on that website is directed to another location in order to obtain personal information.

How does it work?

If an individual wants to obtain information illegally they will set up a fraudulent website that looks like the real web site in almost every aspect. They will then use "phishing" tactics to entice people to the website to divulge personal information such as pin numbers, account numbers and passwords.

Please Note: Southside Bank will NEVER send an unsolicited email requesting you to verify your personal information.

How can I protect myself?

• Don't reply to emails from people or companies you don't recognize. Misspelled URL's are common deceptions as well as the @ symbol in web addresses.
• Contact the company cited in the email requesting your information by using a web address you know to be genuine.
• Avoid emailing personal and financial information. If you must, make sure you see the "lock" icon on your web browser's status bar before submitting any personal data. This "lock" icon signals that your information is secure during transmission.
• Be sure your virus protection software is current.

As with all financial transactions, please exercise discretion when using an ATM or night deposit facility. For your own safety, be careful.

The following suggestions may be helpful:

1. Prepare for your transactions at home (for instance, by filling out a deposit slip) to minimize your time at the ATM or night deposit facility.
2. Mark each transaction in your account record, but not while at the ATM or night deposit facility. Always save your ATM receipts. Don't leave them at the ATM or night deposit facility because they may contain important account information.
3. Compare your records with the account statements you receive.
4. Don't lend your ATM card to anyone.
5. Remember, do not leave your card at the ATM. Do not leave any documents at a night deposit facility.
6. Protect the secrecy of your Personal Identification Number (PIN). Protect your ATM card as though it were cash. Don't tell anyone your PIN. Don't give anyone information regarding your ATM card or PIN over the telephone. Don't write your PIN where it can be discovered. For example, don't keep a note of your PIN in your wallet or purse.
7. Prevent others from seeing you enter your PIN by using your body to shield their view.
8. If you lose your ATM card or if it is stolen, promptly notify us. You should consult the other disclosures you have received about electronic fund transfers for additional information about what to do if your card is lost or stolen.
9. When you make a transaction, be aware of your surroundings. Look out for suspicious activity near the ATM or night deposit facility, particularly if it is after sunset. At night, be sure that the facility (including the parking area and walkways) is well lighted. Consider having someone accompany you when you use the facility, especially after sunset. If you observe any problem, go to another ATM or night deposit facility.
10. Don't accept assistance from anyone you don't know when using an ATM or night deposit facility.
11. If you notice anything suspicious or if any other problem arises after you have begun an ATM transaction, you may want to cancel the transaction, pocket your card and leave. You might consider using another ATM or coming back later.
12. Don't display your cash; pocket it as soon as the ATM transaction is completed and count the cash later when you are in the safety of your own car, home, or other secure surrounding.
13. At a drive-up facility, make sure all the car doors are locked and all of the windows are rolled up, except the driver's window. Keep the engine running and remain alert to your surroundings.
14. We want the ATM and night deposit facility to be safe and convenient for you. Therefore, please tell us if you know of any problem with a facility. For instance, let us know if a light is not working or if there is any other damage to a facility. Please report any suspicious activity or crimes to both the operator of the facility and the local law enforcement officials immediately.

©1994 Bankers Systems, Inc., St. Cloud, MN; Form UP-ATM-BRO