Last year, the FBI reported that US companies lost over $6.9 billion in cybercrimes. The bulk of those? Crimes by business email compromise, bank statement fraud and wire transfer fraud. When hackers steal your hard-earned money and financial data, it compromises your entire business operation. Businesses stand to lose much more than cash – trade secrets and passwords can be accessed. Assets from all departments are at risk. In this piece, you’ll learn about bank statement fraud, and how to protect your company from falling victim to it.
What are some examples of bank statement fraud?
Wire transfer frauds have been around since the internet began. But each year, businesses are susceptible to more creative hacking techniques that leave them vulnerable. The most common type of wire transfer fraud is a phishing scam.
Phishing scams
A phishing scam is also known as business email compromise.
Scammers start by cloning your company emails or buying up similar domains for one of your suppliers. When they reach out, they are able to fool employees into believing that the email is real. They send a fake email requesting either money (via an invoice) or asking your employee to reveal sensitive information.
Some examples of phishing emails include:
- A fake “suspicious login attempted” email so that you reveal your password
- False invoice to get money wire transferred
- A payment link email that will download malware onto your computer
Since the hackers use urgency techniques, employees can be fooled easily into wire transfer fraud without checking the details of the email. Moreover, sometimes criminals can gain access to the system for weeks or months before they target your people. Scammers can make their attempts sound more genuine by confirming a relationship with a certain supplier or using familiar language.
How to detect and avoid phishing
These days, there are a number of security or software programs that should help protect your business against unauthorized access. However, criminals can still slip through the cracks with wire transfer fraud.
There are two major workplace culture ways to prevent phishing in your business.
The first is to build an environment where your employees work without time pressures and trust their supervisors. This would make spotting a suspicious email easier: since there’s usually a generic greeting, spelling mistake, or problem in the sender address. Moreover, the employee would not succumb to the urgency pressures inside the email.
Secondly, you can avoid falling victim to phishing scams by building in a set of controls around invoices and security. This makes it harder for criminals to steal your information, and money.
For example, ensuring that invoices are validated by three-way matching and then account details are verified with the real name and address. Likewise, the authority to wire money should only be granted to a handful of individuals. Fraud training is also important.
Some of the other things that your business can do to spot and prevent phishing include:
- Protecting remote employees with built-in computer software
- Upgrading the spam filter on your email systems
- Applying multi-factor authentication to access accounts
- Backing up your data in a cloud location
What are the types of bank statement fraud in the corporate world?
Corporate fraud can have similar results to phishing, with companies losing out on millions if it’s not spotted on time. The types of corporate fraud you should be aware of include:
- Bank transfer fraud
- False supplier fraud
- President or CEO fraud
- False customer fraud
- Internal fraud risk is also not negligible
Bank transfer fraud
The most common type of bank wire transfer fraud is through an authorized push payment. Most people are familiar with these since banking apps and online payments technologies are so common.
How does it work?
The criminal poses as your bank, an official body or another genuine payee by sending a notification. Since authorized push payments act as an anti-fraud measure, employees are usually not suspicious at all. But this is a malicious attack. Granting the payment means that the criminal walks away with your money, and as an instant payment, clear out the cash before your accountants can catch up.
False supplier fraud
As the name would suggest, this type of fraud leads a criminal to impersonate one of your known suppliers, or create a new supplier persona. They send an invoice for work they haven’t completed or intercept a genuine invoice by changing the bank details from a real supplier. This is another form of wire transfer fraud.
Many businesses fail to protect themselves against false suppliers since the technique relies on social engineering. After initial verification, most businesses won’t continue monitoring their suppliers’ details. But this is when criminals strike – so it’s required for companies to detect and prevent falling victim to false supplier fraud.
CEO Fraud
This technique involves the hackers impersonating your CEO or another senior figure in the business.
A version of this fraud became very popular during 2021, known as the gift card scam. Here’s how it works:
- Criminals would spoof the email address of the CEO and send out a company-wide email, asking for employees to buy thousands of dollars worth of gift cards
- Once purchased, the employee is then tasked with photographing the gift cards, ensuring that their ‘boss’ can see their codes
- Within minutes, the value of the gift cards are reduced to $0 as the criminals steal from the other end
- The employee is none-the-wiser until they next see their boss or try to claim the gift cards on expenses
Fraud on the President can also happen through invoicing, cloning the CEO’s email address and urgently requesting finance to pay a fake invoice.
False customer fraud
There are a number of different ways that fraudsters impersonate your customers, through:
- Chargebacks after they receive product
- Using somebody else’s payment details
- Requesting a line of credit from your business
False customer fraud typically affects small businesses more than large, since they use third party programs to take payments instead of their own systems. This creates a responsibility gap, leaving the companies vulnerable to unfair chargebacks. Plus, it’s harder to three-way matching the documents – which could miss any payment detail discrepancies.
Internal fraud
Corporate fraud includes the likes of your own employees skimming money from the business. Most commonly, internal fraud is done through expenses, where your member of staff claims false expenses or for costs unrelated to their work.
This is incredibly common, with 85% of employees admitting to lying on their expense reports. And it’s even easier to get away with for those working from home as it’s harder to verify how employees are spending their working hours.
How to spot a fake bank statement
Financial professionals must be vigilant in detecting fraudulent bank statements. To help identify fake documents, start by examining the overall layout and formatting. Legitimate statements typically maintain consistent fonts, spacing, and alignment. Check the bank’s logo and contact information for any discrepancies or low-quality images.
Carefully review account details and transaction history. Look for inconsistent numbering patterns in account numbers or suspicious transaction sequences. Verify that the running balance accurately reflects all listed transactions. Be wary of round numbers or repetitive transaction amounts, which may indicate fabricated entries.
Digital analysis can be a powerful tool in detecting fraudulent statements. Use software to examine data and verify document authenticity. Cross-reference suspicious transactions with other financial records or directly with the bank. Pay attention to unusual text formatting or misaligned numbers, which may suggest digital manipulation.
Remember that genuine bank statements often include security features like watermarks or microprint. If in doubt, always contact the issuing bank to confirm the document’s legitimacy.
How to fight against bank statement fraud in companies?
Since this type of fraud is so prevalent, there are now dozens of ways to protect your company from wire transfer fraud and corporate fraud. In some jurisdictions, this is even written into operational regulations.
KYC
The Know Your Customer (KYC) Framework is an anti-money laundering and counter-terrorism measure that applies to businesses in certain high-risk industries, such as insurance.
It’s a framework that enforces companies to perform proper due diligence on their customers, including identification and verification checks. KYC promotes continuous monitoring, allowing professionals in high-risk industries to spot suspicious activity and prevent fraud. Compliance with this framework is legally required under the US Bank Secrecy Act and Patriot Act.
Reinforcing the culture of bank fraud risk in companies
Any new starter should receive training from the finance department on bank fraud. But knowing how quickly fraudsters are inventing new methods, regular training should become part of the culture.
Establishing proper controls within your organization is key. A step-by-step process for onboarding new payees and automated checkpoints are recommended. Plus, only a few key members of your treasury should be able to authorize outbound payments.
Use Trustpair, the platform to prevent B2B fraud
Without proper measures in place, companies are leaving it to chance. But with the right protection strategy, even the tiniest hint of a scam will be caught before your business is infiltrated.
Trustpair specializes in preventing B2B payment fraud (i.e. vendor fraud). We facilitate a secure payment process for each of your transactions; both outwards to suppliers and inbound from customers. No false supplier invoices, and no corporate customer fraud.
If you’d like to discover how we minimize third party risks and verify international accounts, request a Trustpair demo.