Today’s Threat Landscape: Increased risk requires increased protection
Webinar experts urge businesses to remain vigilant
Businesses are under increasing threat of fraud that can lead to major financial losses and must take preventative action. That was the resounding message from a panel of experts at Umpqua Bank’s recent fraud prevention webinar, Today’s Threat Landscape.
The event was the first in a series of three webinars designed to help business owners take proactive steps to protect their businesses and their bottom line. These Success Against Fraud Events, known as S.A.F.E., will continue through June.
“You, as business owners, are greatly in the crosshairs,” said Brad Crall, a Financial Crimes Risk Management Consultant at Mission Omega and one of the panelists.
Other speakers included Bryan Snead and Adam McKelvey of the FBI; Brian Kindred, Chief Information Security Officer at Umpqua Bank; and Jon Stockton, Fraud Director at Umpqua Bank.
According to industry reports, 96% of U.S. companies were targeted by fraud at least once in 2023. And 36% of victims lost more than $1 million.
Criminals are using every avenue to gain access to company networks, experts told attendees. The most common means of attack are: email, text, fake websites and phone. And unlike the more easily spotted Nigerian Prince scams of years past, they are growing more sophisticated.
Fraudsters are using automation to ramp up the volume of their attacks, AI to increase the sophistication of their appearance and taking advantage of faster payment systems to steal money. That’s on top of a recent surge in mail fraud.
“There is nothing sacred,” Crall said. “Fraudsters will come after everything in every channel.”
Payment fraud is one area that is surging. Check fraud increased 171% in 2023 and wire and ACH fraud, which can lead to significant financial losses, increased 75%. While check use is declining, they aren’t going way. Checks are typically stolen and altered, then sold on the dark web. They can then be used in other scams.
Umpqua Bank representatives Kindred and Stockton said that the social engineering and email compromise that companies have long been warned about still are being used and businesses shouldn’t grow lax about protection.
“Anything to get a foot in the door,” said Stockton.
Even fraud against an individual, such as a romance scam, could put a business at risk. They said victims often become so enamored with an online fraudster that they take risks they normally would not, which could include potential theft of company funds.
FBI representatives pointed out that all fraud numbers are underreported as many victims do not report the crime.
So, what should business owners do? Be aware of the risks, take steps to protect your business and act quickly if you believe a breach has occurred.
“Awareness is key for our business customers,” said Stockton. “(Reviewing) statements is great, but let’s get in front of it.”
He pointed to Positive Pay, an Umpqua service for business clients that takes the information from checks you know you issued and pushes it up against checks as they clear to confirm they match. It is one of several fraud protection products and services the bank offers.
FBI representatives pointed out that many of the items they see for sale on the dark web could have been avoided with some basic security precautions, like noticing company email has been compromised.
Kindred suggested the website Have I Been Pwned for individuals, it allows them to check if an email address or phone number has been compromised in any known data breaches. If it has, take steps to secure your accounts: change passwords, enable two-factor authentication and monitor for unusual activity.
FBI representatives urged people to pick up the phone and call before they wire money, which they’ve seen could have saved many victims from losses. Use good multifactor notification and offline backups for information. They also suggested businesses consider insurance against cyberattacks, such firms can help with next steps if something happens. And they reiterated that businesses should know their bank and the safeguards they offer.
If you are a victim or believe there has been a compromise, reach out to the bank immediately, they may be able to take steps to mitigate the losses. And report it to the FBI-run Internet Crime Complaint Center, known as iC3, those reports are is then shared with field offices.
“Vigilance is something that is not a once-a-year type of thing,” said Crall. “The threatscape has changed quite a bit. Identify what risks are prevalent and have conversations with your bank that you can share with your team.”
To register for upcoming S.A.F.E. webinars and find out more about what fraud protection services Umpqua Bank provides, please visit our website. The next S.A.F.E. webinar, Proactive Payment Protection, is scheduled for May 15, from 11 a.m. – noon PT.
A full replay of Today’s Threat Landscape webinar is available online.