Walk through any downtown or Main Street right now, and visitors will notice a different climate as businesses across the country have modified their operations in response to COVID-19. With an emphasis on online sales, curbside and delivery services, and remote work environments, businesses have adapted to comply with health and safety regulations. This shift has created a golden opportunity for scam artists and criminals specializing in business fraud. Now, more than ever, it’s important for business owners to be aware of potential threats, and take the necessary steps to help protect themselves. Kerry Lobel, SVP, Chief Information Officer, of Fidelity Bank, shares information on some of the most prevalent fraudulent schemes occurring now, and offers strategies every small business owner should implement.
Be aware, and prepare.
Kerry said professional scammers view the situation created by the pandemic as a profit center, and they are highly skilled in identifying opportunities to commit fraud. As many business owners are pre-occupied with the everyday tasks, and challenges, of conducting business right now, they may not be following established protocols as strictly as they had prior to the pandemic. This creates a window of opportunity for scam artists.
So what are they up to? Business identity theft and spear phishing are two types of fraud prevalent right now.
- Business Identity Theft (or corporate or commercial identity theft) is the illegal practice of impersonating a business, or an employee of a business, for criminal gain. One common scheme is stealing a business’s identity and applying for loans under its name. “They’re going after the PPP (Paycheck Protection Program) money for any business they know is shut down,” Kerry said. “They’re stealing the identities of these companies and filing for loans in their name.”
- Spear Phishing is “the fraudulent practice of sending emails from a known or trusted sender in order to induce targeted individuals to reveal confidential information.” Businesses that are closed, or partially closed, are particularly susceptible to this type of fraud. An example of spear phishing is when a criminal sends an email on behalf of everyone on the senior leadership team, attempting to get someone to respond and unwittingly provide crucial information (usernames and passwords, credit card information, bank account information, etc..) the criminal needs. It appears the request is coming from someone at a higher level, so staff members who are trying to do the right thing can fall prey to these schemes if they aren’t vigilant.
How a community bank can help.
When it comes to protecting against fraud, community banks, such as Fidelity, have an advantage over national banks because they know their customers. “Bank with a community bank with professionals who care and pay attention,” Kerry said. “If we receive a request that doesn’t look right, we know instantly.” For example, “We have customers who prefer to call us — they’re phone people. If we get an email from them saying, ‘send money from my account to this place,’ we know that isn’t right because they would have called us. Having that relationship with your bank is a huge protection. It’s saved a lot of our customers over time.”
Establishing a relationship with a community bank can also be helpful in terms of business identity theft protection. “Another benefit to banking with a community bank is that your bank knows you, and if we see a loan application coming through that doesn’t make sense, we can flag it. That’s not the case with bigger banks. So, a lot of businesses are very susceptible to fraud right now.”
7 strategies to employ now.
- Monitor credit and accounts.
Kerry advises business owners to monitor their credit reports carefully. Look for new accounts that have been opened, and any changes to existing accounts.
- Maintain open communication with the Bank.
One of the advantages to working with a community bank is developing relationships with Bankers who know their clients, and their businesses. This is important when it comes to fraud prevention. “Stay in contact with your Banker so they know what you’re applying for, and what you’re not applying for,” Kerry said.
- Be wary of unexpected communication.
Be very cautious when it comes to attempts at spear phishing through phone calls, emails, or any unexpected communication.
- Unexpected phone calls: “They always say, ‘buyer beware’. In this case, it’s everybody beware,” Kerry said. “If you get a call that sounds fishy, ask them for a phone number to call back. If something doesn’t feel right, start asking for specifics. Usually they will end the call.” Remember, Microsoft is never to going to call about a problem with Windows, and the IRS is never going to call about a problem with someone’s Social Security number.
- Unexpected emails with links: “Don’t click on links in an email, even if the email looks legitimate to you,” Kerry said. “If you weren’t expecting it, don’t click on the link. As a Bank, we will never send you a link that says, ‘log into your online banking from here’. What we usually tell you is, ‘go to our website and log in’. That’s where a lot of problems arise. You’re sent a link, and you click on that link, and it looks just like your Bank’s website, but it really wasn’t. That’s something to watch out for,” he said.
- Upgrade technology: Business owners need to make sure their technology is up to date and in good working order when it comes to backups, patching for Windows, and security software.
- Review disaster strategies: “Everyone should have a disaster strategy,” Kerry said. Now is prime time to review the plan and assess whether or not it is still relevant. If circumstances have changed since the plan was developed, business owners need to assess whether or not the plan still offers the protection they need.
- A word about passwords & personal information:
- Never duplicate passwords.
- Never share passwords.
- Never use the real answers to security questions as criminals are skilled in piecing those answers together by analyzing social media and researching people online. “If you use a real answer to a commonly asked question, I guarantee it’s hackable,” Kerry said. Make something up and make an electronic list on an encrypted phone (or notebook in a secure location).
- Never share bank account information.
- Never disclose Social Security numbers.
- Separate business and personal technology:
- Don’t store personal information on business computers and avoid using social media unless it’s business related. “Those are your highest sectors for getting a piece of malware on your computer, or attracting attention to yourself in a negative way,” Kerry said. “You have to be careful. I suggest personal computers are for personal use. Business computers are for business. It just makes sense.”
- Don’t post anything on social media in real time.
- Social media profiles should not include birth years. Why? “It’s just another piece for a hacker to identify who you are,” Kerry said.
Fidelity Bank has built a strong history as trusted advisors to customers served, and is proud to be an active member of the communities it serves. With 20 branches located throughout Northeastern Pennsylvania and the Lehigh Valley, Fidelity Bank offers full-service Trust & Investment Departments, a mortgage center, and an array of personal and business banking products and services. The Bank provides 24 hour, 7 day a week service to customers through a variety of digital banking tools, branch offices, online at www.bankatfidelity.com, and through the Customer Care Center at 1-800-388-4380.