In summer 2021 Truist conducted nationwide research with 527 small business owners. One of the many topics examined in the survey is fraud. In this piece, we highlight common sources of fraud. Be sure to see related content on general steps you can take to protect yourself from fraud, as well as financial tools you can use to greatly reduce your company’s exposure to fraud.
Among the many recent challenges faced by small businesses owners, fraud remains a major threat. Fraud is more common and more costly than ever. And for small businesses, the risk is only increasing.
Truist’s 2021 research reveals that at least a third of businesses have experienced some form of fraud. Incidents of fraud have spiked in the past year alone, and the average dollar amount of the fraud perpetrated now hovers at around $55,000.
It’s no wonder, then, that that more than 75% of owners surveyed say they are concerned about cyber or financial fraud. And the number of businesses who say they are very concerned is up 74% from 2020.
Don’t wait to focus on fraud.
While 96% of business owners who have experienced fraud are very or somewhat concerned about future fraud, only 66% of those who have yet to experience fraud share that same level of concern about future fraud.1
With fraud on the rise, you shouldn’t wait to pay attention to fraud only after you’ve fallen victim to it. Certain businesses appear to be especially vulnerable to fraud. Our research also revealed that more than 70% minority-owned businesses have experienced fraud, while only 30% of their non-minority-owned counterparts report having faced fraud.
Controlling fraud starts with knowing exactly where it’s coming from so you can prepare your defenses and be on alert for its appearance..
Know threats from the inside, out.
Fraud can come from either internal or external sources. It can come from employees you know and trust. The majority of employee fraud is the result of weak internal controls.2 Companies with internal controls—like a code of conduct or management review of accounts or transactions—are not immune to fraud, but they reduce the dollar amount and duration of the fraud by 50%.2
In other cases, external bad actors are the culprits. It’s important that you and your employees¾and anyone interacting with your business for that matter—know some of the most common sources so you can be on alert.
With so much of today’s business conducted digitally, cyberfraud continues to increase at a rapid pace. In 2020, the FBI’s Internet Crime Complaint Center received more than 19,000 Business Email Compromise (BEC)/ Email Account Compromise (EAC) complaints with adjusted losses of over $1.8 billion.3 A shocking 76% of organizations polled by AFP (Association for Financial Professionals) were targeted by BEC—also known as spoofing or spear phishing—in 2020.4 Here’s how BEC works:
- Spoof an email account or website – Criminals use slight variations on legitimate addresses or email domains that look deceptively like the legitimate entity they are impersonating. For example, they might use email@example.com instead of firstname.lastname@example.org. Or they might use a dash (such as ACME-Tools.com vs. ACMETools.com) to trick victims into thinking the email is legitimate.
- Spear phishing emails – Fraudulent emails look like they are from a trusted source. But they’re used to trick victims into revealing confidential information. If the ploy works, criminals gain access to company accounts, calendars, data, and other access they need to carry out their schemes. In fact, 91% data breaches start with a BEC-type spear phishing attack.5
What do criminals hope to achieve by compromising your business email? Wire transfers are the primary target. Forty-three percent of financial professionals report witnessing actual or attempted wire transfer fraud as a result of BEC.5
There are also many other sources of direct and indirect sources of small business fraud. Among them:
- Employee access to data and systems combined with poor internal controls
- Malware, viruses, and ransomware
- Attacks on vulnerable hardware and network connections through laptops or mobile phones
- Financial fraud – including paper checks, credit cards, and accounts payable fraud, in which phony invoices are sent for payment.
Less obvious techniques like tech support fraud can also be a source. Fraud scenarios are endless and ever evolving. Stay aware of the latest schemes and train employees to be on the lookout for the signs of fraud.