Skip to main content

Protect your business: 7 common scams and solutions

Risk management

As cybercriminals become more confident and daring, business leaders need to buckle down and adopt defenses. 

Fighting fraud is a never-ending battle, especially during times of uncertainty. So business leaders need to keep cybersecurity best practices top of mind. To help safeguard your business and protect your employees online, here are some of the most common scams and tips for preventing them.

Email fraud

Email scams are becoming increasingly common—94% of malware starts in the inbox.Disclosure 1 Remember to watch out for emails impersonating executives and management. And make verifying requests for wires and transfers part of your standard practice. 

Component ID : "accordionGridLayout-53346668"
Model : "disclaimer"
Position : "left"

[music begins]

[voiceover] Companies experience email fraud when individuals click on a malicious link or provide personal information. The most common email scams appear to come from senior officers at your organization or from existing vendors. They can be difficult to differentiate from legitimate emails, especially as fraudsters become more sophisticated. Stay vigilant. If you see something suspicious, call the person who sent you the email and verify their request.

[music ends]

Phishing

In times of crisis—including economic downturns or political uncertainty—phishers step in to exploit the situation. These instances inspire cyberattackers to pose as reputable organizations or government agencies and send fake emergency-related messages. Phishers ultimately aim to steal email credentials, other private information, or funds. If an email looks even mildly suspicious, err on the side of caution and don't open it.

Component ID : "accordionGridLayout-1037320966"
Model : "disclaimer"
Position : "left"

[music begins] 

[voiceover] Phishing is when hackers and fraudsters pretend to be legitimate businesses in order to steal your personal information or sign-in credentials. It’s a common tactic, because tricking people into revealing information is usually easier than breaking througha device’s defense systems. Beware of unsolicited requests for personal information from senders you don’t recognize, and don’t click on links in emails or text messages that look suspicious.

[music ends]

Social engineering

Social engineering—a strategy that relies on psychological manipulation—can take the form of deception on social media, a text message, or a targeted phishing attack. Protect your company by encouraging the use of multifactor authentication and ensuring your IT systems are equipped with the most up-to-date safeguards.

Component ID : "accordionGridLayout-244435084"
Model : "disclaimer"
Position : "left"

[music begins]

[voiceover] Social engineering—or psychological manipulation—is the basis for nearly every attempted cyberattack. Cybercriminals can try to trick you into providing private information by offering fraudulent promotions or IT help over the phone or email. Verify any source that requests information from you, and never give out personal, financial, or company details unless you’re already familiar with the person on the receiving end.

[music ends]

Password theft

You and your team may be relying more on video chat and other password-protected forms of communication as remote work increases. More passwords mean more opportunities for password compromise. Consider urging employees to update passwords frequently, whether they work from home or not, and use unique passwords on different platforms to reduce risk.

Component ID : "accordionGridLayout-1758255102"
Model : "disclaimer"
Position : "left"

[music begins] 

[voiceover] Password theft happens when hackers get username and password combinations from less secure sites, then use these passwords to make purchases, move money, or steal data. Strong password security defenses keep your employees and company safe. Promote best practices by requiring teammates to create secure, unique usernames and passwords for every online account they use. 

[music ends]

Card skimming

The U.S. is the most credit card fraud-prone country in the world.Disclosure 2 That means e-commerce websites are susceptible to hackers who can attack with malicious code designed to capture credit card information. Make sure you are using an encrypted form or secure website to enter any financial details. Better still: When possible, use a third-party payment system, which provides an additional layer of security.

Component ID : "accordionGridLayout-57018052"
Model : "disclaimer"
Position : "left"

[music begins] 

[voiceover] Card skimming happens when a thief places a hard-to-detect device over a card scanner somewhere like an ATM or gas pump. As you swipe, the device intercepts and stores your information for the thief to take advantage of later. Whenever you use a card reader, watch for misalignments in the card-reading slot, or partially covered stickers or text. And play it safe—if anything seems out of place, try to use a different machine.

[music ends]

Automated clearing house (ACH) fraud

A new ACH Rules for Corporates Resource Center can now help you stay informed on ACH-related news that may impact your business. Overall, ACH fraud can be avoided by overcommunicating with vendors and other partners, relying on ACH fraud control options, and using a Universal Payment Identification Code. Ask your employees to be similarly vigilant.

Component ID : "accordionGridLayout-300272249"
Model : "disclaimer"
Position : "left"

[music begins]

[voiceover] ACH fraud is one of the fastest-growing types of deception techniques, especially as criminals create more sophisticated scams and use the latest technology to their advantage. A common trick is to infiltrate a vendor’s contact information and respond to apreviously sent message, so it appears to be part of the same chain or thread. Some even use details from social media to make the email, text, or online message seem like it's coming from a trusted contact.One of the best ways to prevent fraudulent transactions is to have close relationships with vendors.Check in with them to verify any unusual or first-time requests, changes in contact information or remittance addresses, or changes in wiring or ACH instructions. Whenever possible, confirm any change with two sources.Monitoring incoming ACH payments is just as critical. Truist offers fraud prevention services that allow you to block or review ACH debit transactions before they deposit to your account. We also offer a Universal Payment Identification Code, which gives you masked account numbers for receivables to help prevent unauthorized charges to your account. It can be good to remind everyone within your organization that time spent reviewing ACH transactions upfront can reduce time spent rectifying problems later. 

[music ends]

Card not present

With more business being handled over the phone than in person, the risk of card-not-present fraud is more prevalent than before. In addition to ensuring all card information remains secure, businesses should be wary of accepting stolen (or fake) credit card payment information over the phone. To avoid this type of scam, don't deliver goods to anyone without verifying their identity, and request payment for larger orders by bank transfer.

Component ID : "accordionGridLayout-234306529"
Model : "disclaimer"
Position : "left"

[music begins] 

[voiceover] Fraudsters no longer need to steal a physical debit or credit card to go on a spending spree at your business’s expense. Through sophisticated technology, criminals can now commit fraud by using a card’s information. This is called card-not-present fraud. One of the best defenses against this fraud is a series of simple security checks: always keeping cards in a safe place, not sharing cards or card information among employees, and actively reviewing transaction statements to identify and report suspicious card activity.Don’t forget to double-check the URL of retail websites to make sure you're shopping on the real site—some copycat sites can look very similar. Card information can also be compromised when someone uses an unsecured Wi-Fi network, such as the public connection at a coffee shop or hotel. If public Wi-Fi is your only option, follow best practices by encrypting your session or using a virtual private network.You may want to consider additional account protections, like restricting purchases to those that match a predetermined merchant code or using dynamic card numbers. And when cardholding employees leave the company, close any cards they had access to immediately. 

[music ends]

Protect your business from the threat of fraud

Contact your Truist relationship manager for more information.

Related resources

    {0}

    {0}

    {2}
    {6}
    {7}
    {8}
    {9}
    {12}
    {10}
    {11}

    {3}

    {1}
    {2}
    {6}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}
    {1}
    {2}
    {7}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}
    Component ID : "accordionGridLayout-1624256768"
    Model : "disclaimer"
    Position : "left"

    Disclosure 1 “Top cybersecurity facts, figures and statistics,” March 9, 2020, CSO Online

    Disclosure 2 “Credit card fraud will increase due to the Covid pandemic, experts warn,” Feb. 1, 2021, CNBC.com

    Disclosures

    Truist Bank, Member FDIC. © 2024 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

    Equal Housing Lender

    Investment and Insurance Products:

    • Are Not FDIC or any other Government Agency Insured
    • Are Not Bank Guaranteed
    • May Lose Value

    Services provided by the following affiliates of Truist Financial Corporation (Truist): Banking products and services, including loans and deposit accounts, are provided by Truist Bank, Member FDIC. Trust and investment management services are provided by Truist Bank, and Truist Delaware Trust Company. Securities, brokerage accounts and /or insurance (including annuities) are offered by Truist Investment Services, Inc., and/or P.J. Robb Variable, LLC., which are SEC registered broker-dealers, members  FINRA, SIPC, and a licensed insurance agency where applicable. Investment advisory services are offered by Truist Advisory Services, Inc., GFO Advisory Services, LLC, Sterling Capital Management, LLC, and Precept Advisory Group, LLC, each SEC registered investment advisers. Sterling Capital Funds are advised by Sterling Capital Management, LLC. Insurance products and services are offered through McGriff Insurance Services, LLC. Life insurance products are offered through Truist Life Insurance Services, a division of Crump Life Insurance Services, LLC., AR license #100103477. Both McGriff and Crump are wholly owned subsidiaries of Truist Insurance Holdings, Inc.

    Mortgage products and services are offered through Truist Bank. All Truist mortgage professionals are registered on the Nationwide Mortgage Licensing System & Registry (NMLS), which promotes uniformity and transparency throughout the residential real estate industry. Search the NMLS Registry.

    Comments regarding tax implications are informational only. Truist and its representatives do not provide tax or legal advice. You should consult your individual tax or legal professional before taking any action that may have tax or legal consequences.

    "Truist Advisors" may be officers and/or associated persons of the following affiliates of Truist, Truist Investment Services, Inc., and/or Truist Advisory Services, Inc. Truist Wealth, International Wealth, Center for Family Legacy, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups are trade names used by Truist Bank, Truist Investment Services, Inc., and Truist Advisory Services, Inc.

    Truist Securities is a trademark of Truist Financial Corporation. Truist Securities is a trade name for the corporate and investment banking services of Truist Financial Corporation and its subsidiaries. All rights reserved. Securities and strategic advisory services are provided by Truist Securities, Inc., member FINRA and SIPC. Lending, financial risk management, and treasury management and payment services are offered by Truist Bank. Deposit products are offered by Truist Bank.

    Applications, agreements, disclosures, and other servicing communications provided by Truist Bank and its subsidiary businesses will be provided in English. As a result, it will be necessary for customers to speak, read and understand English or to have an appropriate translator assisting them. Truist offers the following resources for consumers that have Limited English Proficiency:

    • Multilingual teammates available at our Multicultural Banking Centers
    • Materials for some products and services are available in Spanish, Korean, Vietnamese, Mandarin, and other languages spoken in the communities we serve.
    • Phone assistance in Spanish at 844-4TRUIST (844-487-8478), option 9. For assistance in other languages please speak to a representative directly.

    New York City residents:

    Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at http://www.nyc.gov/dca.

    • Limited English Proficiency Support
    • New York City residents

    Borrowers with Limited English Proficiency (LEP) needing information can use the following resources:

    Site footer

    Footer Navigation

    Banking products
    About Truist
    Resources
    Support

    © 2024, Truist. All Rights Reserved.