Protect your business: 7 common scams and solutions

Risk management

As cybercriminals become more confident and daring, business leaders need to buckle down and adopt defenses. 

Fighting fraud is a never-ending battle, especially during times of uncertainty. So business leaders need to keep cybersecurity best practices top of mind. To help safeguard your business and protect your employees online, here are some of the most common scams and tips for preventing them.

Email fraud

Email scams are becoming increasingly common—94% of malware starts in the inbox.Disclosure 1 Remember to watch out for emails impersonating executives and management. And make verifying requests for wires and transfers part of your standard practice. 

Component ID : "accordionGridLayout-53346668"
Model : "disclaimer"
Position : "left"

Fraud Prevention 101 – Email Fraud

(Visual Description: Fraud Prevention 101: Email Fraud

Truist title and logo in the lower right corner.

Email fraud, avoid falling for this common trick into sharing sensitive information.

Definition reads: Email Fraud - A fraudulent email scheme performed by a dishonest individual, group or company in attempt to obtain money or something else of value.)

Companies experience email fraud when individuals click on a malicious link or provide personal information. 

(Visual Description: An example of a suspicious email from CEO memo <marky.shurtserberg@phase.book.com.ru> is shown on a computer screen. The email contains a button that reads “Meeting” which is clicked. A motion graphic follows to depict that the user’s computer has been compromised. 

The most common email scams appear to come from senior officers at your organization or from existing vendors. 

They can be difficult to differentiate from legitimate emails, especially as fraudsters become more sophisticated. 

Stay vigilant. If you see something suspicious, call the person who sent you the email and verify their request.

(Visual Description: Learn to keep your business safe

Truist logo and Truist Title appear in the center of page. 

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Disclosure:

Truist Bank, Member FDIC. © 2021 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.)

Phishing

In times of crisis—including economic downturns or political uncertainty—phishers step in to exploit the situation. These instances inspire cyberattackers to pose as reputable organizations or government agencies and send fake emergency-related messages. Phishers ultimately aim to steal email credentials, other private information, or funds. If an email looks even mildly suspicious, err on the side of caution and don't open it.

Component ID : "accordionGridLayout-1037320966"
Model : "disclaimer"
Position : "left"

Fraud Prevention 101 – Phishing

(Visual Description: Fraud Prevention 101: Phishing.

The Truist logo is displayed in the lower right corner.

Description reads: Phishing: Phishing relies on human error to access secure information.)

Phishing is when hackers and fraudsters pretend to be legitimate businesses in order to steal your personal information or sign in credentials. 

(Visual Description: Dictionary definition reads: Phishing: The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. )

It's a common tactic because tricking people into revealing information is usually easier than breaking through devices defense systems.

Beware of unsolicited requests for personal information from senders who don't recognize and don't click on links and emails or text messages that look suspicious.

(Visual Description: The graphic shows an illustration that reads Click Here with the “no symbol” over it.

Spot the signs of phishing attempts.

Truist title and logo appear in the center of the page.

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Disclosure: Truist Bank, Member FDIC. © 2021 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.)

Social engineering

Social engineering—a strategy that relies on psychological manipulation—can take the form of deception on social media, a text message, or a targeted phishing attack. Protect your company by encouraging the use of multifactor authentication and ensuring your IT systems are equipped with the most up-to-date safeguards.

Component ID : "accordionGridLayout-244435084"
Model : "disclaimer"
Position : "left"

Fraud Prevention 101 – Social Engineering

(Visual Description: Fraud Prevention 101: Social Engineering

Social Engineering: This scheme is behind most fraudulent attempts. 

Dictionary definition reads: Social Engineering -

2. (in the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.)

Social engineering or psychological manipulation is the basis for nearly every attempted cyber-attack.

Cyber criminals can try to trick you into providing private information by offering fraudulent promotions or IT help over the phone or email.

Verify any source that requests information from you. 

And never give out personal, financial or company details, unless you're already familiar with the person on the receiving end.

(Visual Description: Learn more tips for staying vigilant

The Truist title and logo appear in the center of the page. 

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.)

Disclosure: Truist Bank, Member FDIC. © 2021 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

Password theft

You and your team may be relying more on video chat and other password-protected forms of communication as remote work increases. More passwords mean more opportunities for password compromise. Consider urging employees to update passwords frequently, whether they work from home or not, and use unique passwords on different platforms to reduce risk.

Component ID : "accordionGridLayout-1758255102"
Model : "disclaimer"
Position : "left"

Fraud Prevention 101 – Password Theft

(Visual Description: Fraud prevention 101: Password theft

Truist title and logo in lower right corner.

Password theft: Set companywide guidelines to make sure passwords are harder to compromise. 

Dictionary definition reads: Password theft – 1. The action or crime of stealing someone’s electronic credentials.)

Password theft happens when hackers get username and password combinations from less secure sites. 

(Visual Description: An animation of a hacker using electronic means to steal a user’s credentials.) 

Then use these passwords to make purchases, move money or steal data. 

(Visual Description: The screen transitions to an animation of a secured computer.)

Strong password security defenses keep your employees and company safe. 

Promote best practices by requiring teammates to create secure, unique usernames and passwords for every online account they use. 

(Visual Description: Best practices are key to your company’s security. 

Truist title and logo appear in the center of the page.  

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Disclosure: Truist Bank, Member FCIC copyright 2021 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.)

Card skimming

The U.S. is the most credit card fraud-prone country in the world.Disclosure 2 That means e-commerce websites are susceptible to hackers who can attack with malicious code designed to capture credit card information. Make sure you are using an encrypted form or secure website to enter any financial details. Better still: When possible, use a third-party payment system, which provides an additional layer of security.

Component ID : "accordionGridLayout-57018052"
Model : "disclaimer"
Position : "left"

Fraud Prevention 101- Card Skimming

(Visual Description: Fraud prevention 101: Card skimming

Truist title and logo in the bottom right corner. 

Card skimming: Keep your card information secure by watching for inconsistencies.

Dictionary definition reads: Skimming - 1. The action of fraudulently copying credit or debit card details with a card swipe or other device.  )

Card skimming happens when a thief places hard to detect device over a card scanner somewhere like an ATM or gas pump.  

(Visual Description: An animation of a keypad and card reader appears. To its right, there’s a depiction of account information being stolen.)

As you swipe, the device intercepts and stores your information for the thief to take advantage of later.  

(Visual Description: An animation depicts a skimming device being placed over a card reader. The device is flat and blends in to the ATM.)

Whenever you use a card reader, watch for misalignments in the card reading slot or partially covered stickers or text and play it safe.  

If anything seems out of place, try to use a different machine.  

(Visual Description: A flashing no symbol appears over the card reader.

Learn more ways to keep your information safe

Truist title and logo appear in the center of page.

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Disclosure: Truist Bank, Member FCIC copyright 2021 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.)

Automated clearing house (ACH) fraud

A new ACH Rules for Corporates Resource Center can now help you stay informed on ACH-related news that may impact your business. Overall, ACH fraud can be avoided by overcommunicating with vendors and other partners, relying on ACH fraud control options, and using a Universal Payment Identification Code. Ask your employees to be similarly vigilant.

Component ID : "accordionGridLayout-300272249"
Model : "disclaimer"
Position : "left"

Fraud Prevention 101 – ACH Fraud

(Visual Description: Fraud Prevention 101: ACH fraud

Truist title and logo

ACH fraud: ACH fraud is one of the fastest growing types of fraud. Find out how we can help you stay one step ahead.)

ACH fraud is one of the fastest-growing types of deception techniques, especially as criminals create more sophisticated scams and use the latest technology to their advantage.

 (Visual Description: A computer screen reads: Scam!)

A common trick is to infiltrate a vendor’s contact information and respond to a previously sent message, so it appears to be part of the same chain or thread. Some even use details from social media to make the email, text, or online message seem like it's coming from a trusted contact.

One of the best ways to prevent fraudulent transactions is to have close relationships with vendors. Check in with them to verify any unusual or first-time requests, changes in contact information or remittance addresses, or changes in wiring or ACH instructions.

Whenever possible, confirm any change with two sources.

Monitoring incoming ACH payments is just as critical.

Truist offers fraud prevention services that allow you to block or review ACH debit transactions before they deposit to your account.

(Visual Description: Safeguard your account:

UPIC number and Masked account number sections are displayed as samples.)

We also offer a Universal Payment Identification Code, which gives you masked account numbers for receivables to help prevent unauthorized charges to your account.

It can be good to remind everyone within your organization that time spent reviewing ACH transactions upfront can reduce time spent rectifying problems later.

(Visual Description: Establish strong defenses against cyberattacks

Truist title and logo

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Disclosure:

Truist Bank, Member FDIC. © 2021 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.)

Card not present

With more business being handled over the phone than in person, the risk of card-not-present fraud is more prevalent than before. In addition to ensuring all card information remains secure, businesses should be wary of accepting stolen (or fake) credit card payment information over the phone. To avoid this type of scam, don't deliver goods to anyone without verifying their identity, and request payment for larger orders by bank transfer.

Component ID : "accordionGridLayout-234306529"
Model : "disclaimer"
Position : "left"

Fraud Prevention 101- Card Not Present

(Visual Description: Fraud prevention 101: Card-not-present fraud

Truist title and logo in the bottom, right corner.  

Company cards are very convenient - and increasingly easy to compromise.  

Stay vigilant with these best practices.  

A credit card is shown with a line of dollar signs that lead to a shopping mall.)

Fraudsters no longer need to steal a physical debit or credit card to go on a spending spree at your business's expense.   

(Visual Description: A hooded figure is shown using a computer network to connect personal information with a credit card and a handful of money.)

Through sophisticated technology, criminals can now commit fraud by using a card’s information.  

This is called Card-not-present fraud.  

One of the best defenses against this fraud is a series of simple security checks.  

·       Always keeping cards in a safe place.  

·       Not sharing cards or card information among employees.  

·       And actively reviewing transaction statements to identify and report suspicious card activity.  

·       Don't forget to double check the URL of retail websites to make sure you're shopping on the real site.  Some copycat sites can look very similar.  

(Visual Description: Animation of a hooded figure connecting to user.)  

Card information can also be compromised when someone uses an unsecured Wi-Fi network, such as the public connection at a coffee shop or hotel.  

(Visual Description: The hooded figure disappears. A lock on the computer screen and VPN shield icon appears with the text Virtual Private Network.) 

If public Wi-Fi is your only option, follow best practices by encrypting your session or using a virtual private network.  

You may want to consider additional account protections like restricting purchases to those that match a predetermined merchant code or using dynamic card numbers.   

And when card holding employees leave the company close any cards, they had access to immediately.  

(Visual Description: Protect your company assets

Truist title and logo appears in center of page.

Contact your Truist relationship manager or treasury consultant for more information on card-not-present fraud prevention.

Disclaimer reads, Truist Bank, Member FCIC copyright 2021 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.)

Protect your business from the threat of fraud

Contact your Truist relationship manager for more information.