As your community partner and your bank, we feel it is important to share fraud trends as they occur and provide resources and information to help you avoid fraudulent attacks. Recently, we’ve noticed an uptick in trends associated with Business Email Compromise (BEC) or spoofed emails purporting to be from a trusted source with which you are familiar. While these fraud trends originally included wire transfer requests, we have observed a more current trend associated with the “Direct Deposit Scam,” targeting Payroll and Human Resources departments within an organization. Read on for detailed information about these types of attacks, and tips on how to identify and avoid falling for these attacks.
Types of Business Email Compromise
The BEC scam often starts with phishing emails sent by fraudsters that are designed to capture the login credentials of the business' CEO, CFO, and/or personnel in Payroll or Human Resources. When successful, the fraudsters begin performing reconnaissance by reviewing how the email account owner communicates, with whom they communicate, and who has the authority to move money within the business. Armed with this information, they will attempt to create trust in future communications by performing one or all of the following actions:
Direct Deposit Scam
With the Direct Deposit Scam, the fraudsters will use information obtained to understand procedures associated with making changes to the target bank account associated with employee payroll direct deposits. Next, an email is sent to the person(s) with authority to make this change, typically Payroll or Human Resources personnel, with a new bank account and routing numbers that the fraudster controls. Once changes are made to payroll files and originated through the bank, the fraudsters have successfully stolen the money. Most employees will notice the missing payroll and report it, albeit too late for the bank to recover the funds for the business.
Fraudulent Invoice Scam
With this type of scam, the fraudster will send an email request for an invoice to be paid via wire, ACH, cashier’s check, etc. In some instances, they will ask for existing invoices to be paid to a different bank or account number, citing changes that they have made. In other instances, they will pay an invoice with a check greater than the requested amount and ask for the difference to be sent to them.
To avoid becoming victimized by these scams, you should consider the following tips:
If you do become a victim of a scam, make sure you do the following:
We are here to help keep you and your information safe. Whether we are providing tips on how to stay safe, sharing the most current fraud trends or monitoring your accounts for potentially fraudulent activity, you can rest assured that we work around the clock to protect your information from fraudulent activity.
We'll find a branch near you. You can also visit the locations page or contact us.
Simplify the payment process by having your card sales deposited into your business checking account.
As a community-supported bank and locally operated business, we are proud to offer flexible and rewarding banking options to local businesses.
No matter what stage of the wealth cycle you’re in, we can help you plan ahead and think forward.
Follow Columbia Bank