The escalating threat of business email compromise
When it comes to fraud schemes, business email compromise (BEC) is one of the most financially damaging. In 2020, 62% of businesses reported attempted or committed BEC fraud.1
BEC criminals often use a handful of email-based techniques to obtain illicit funds from their targets:1
- Spoofing an email account and making it difficult to detect changes that appear to be from a legitimate source.
- Sending phishing emails that appear to be from trusted sources to trick the recipient into divulging confidential information.
- Compromising a genuine email account to issue fraudulent payment instructions.
- Using malware to infiltrate the network so they can view payments and invoices and create scam payment requests through legitimate email accounts.
The last step of a BEC scheme is often a wire transfer, used in 43% of the cases to move funds and complete the fraud.1
When the threat comes from within
Though external threats often draws the headlines, internal fraud can be just a damaging. Internal fraud actually hits smaller organizations harder than larger ones—billing fraud happens at double the rate in smaller companies while check and payment tampering occurs four times more often.2
Internal fraud makes up 37% of all business fraud, and another 20% of fraud involves collusion between an internal and an external partner.3 Many of those convicted of fraud were living above their means, with a quarter of criminals experiencing financial difficulties.2
Most internal fraud loss involves some form of financial asset misappropriation:2
- Theft of cash on hand
- Check and payment tampering (stolen checks, false invoices)
- Expense reimbursement padding
Internal fraud can carry painful financial consequences. The typical internal fraud lasts 14 months before it’s detected and generates losses averaging $8,300 per month.2
How to reduce the risks of fraud
To help protect your association from fraud, focus on prevention. Key strategies include:
- Increased transparency – Share detailed payment, collection, and account information at each board meeting. Hold the appropriate people accountable.
- Regular account reconciliations and audits – Have your CPA conduct random audits of financial accounts. This is especially important when there is management or board turnover.
- Strong internal/dual controls – Approve checks or have two people sign over a certain amount. This can catch payment errors as well as curb fraud.
- Secured and monitored blank check supplies – Keep association blank checks secure, and periodically review the stock to ensure a check has not been removed.
- Team-wide fraud awareness – Conduct regular education sessions to keep fraud awareness top of mind and engage the entire team in identifying fraud before it strikes.
- Secure insurance from loss – Fraud and cybercrime insurance can help associations deal with the damage and losses from fraud attacks. Be sure to update your policy annually to cover the most important risks to your association and its homeowners.