Online business fraud continues to increase
Cyber scams cost U.S. businesses $16.6B in 2023. Learn key steps to protect your company from phishing, data breaches, and AI-driven threats.
Online business fraud continues to increase
We’re all aware of the many ways scammers are working to defraud individuals out of their hard-earned money. But small businesses continue to be in the crosshairs of today’s online criminals.
In its 2024 Internet Crime Report, released earlier this year, the FBI showed that business email compromises resulted in $2.77 billion in losses to businesses. Phishing or spoofing scams, defined by the FBI as “the use of unsolicited email, text messages, and telephone calls purportedly from a legitimate company requesting personal, financial, and/or login credentials,” were the cause of $70 million in losses. Other scams, like tech support and personal data breaches, resulted in losses exceeding $1.4 billion.
In all, businesses and individuals lost a record $16.6 billion to cybercriminals last year, and projections are that AI-driven scams could result in as much as $40 billion in losses by 2027.
Protecting your business’s valuable financial assets starts with internal security: a few simple steps can go a long way in protecting your business from external threats. Your business should:
Trust but verify whenever you receive a request for payment or invoice changes from customers, vendors or partners. It is important to make direct contact using a trusted phone number to confirm the instructions aren’t coming from a scammer.
Implement good computer security practices. It’s essential to establish and maintain basic security procedures and controls for your business, and to update and distribute these to all employees regularly.
Safeguard your information. Some simple steps include installing commercial antivirus software on all computers, ensuring those programs are updated regularly, and installing spyware detection programs.
Educate your employees. A robust security program, combined with awareness of warning signs, safe practices and responses to a suspected takeover, is crucial for protecting your company and its customers.
Protect your online environment. Do not use unprotected internet connections. Encrypt sensitive data and keep your computer up to date with the latest virus protections. Use complex passwords and change them periodically.
Partner with your bank to prevent unauthorized transactions.
Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop-ups and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened. And never share one-time pins, especially if you receive a call from someone claiming to be your financial institution. Banks don’t ask that!
Understand your responsibilities and liabilities. The account agreement with your bank will outline the commercially reasonable security measures required for your business. You must understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover.
Despite taking these steps, businesses can sometimes be victimized by cyber criminals. In such cases, immediate action is crucial to help limit the damage or loss.
In the event of a cybercrime incident, several steps should be taken. First, cease all activity on your computer system immediately, contact your bank and change your online banking passwords. Other actions include opening new accounts, filing reports with local police and the FBI’s Internet Crime Complaint Center, and keeping meticulous records of events around the hack.
If you’ve lost your business’s credit or debit cards or checks, contact your bank.
If you think you’re being scammed through email, remember that financial institutions will never ask for personal information or account access credentials in an email. Don’t click on any links or respond to the message — delete the email and check your computer for spyware or other malware and contact your bank.
Identity theft can impact businesses as well as individuals, and there are several ways to know if you have been victimized. They include notices or emails telling you that your account information has been updated or that your information may have been compromised, bills or collection calls for accounts you’ve never opened, unknown accounts or inquiries that appear on your credit report, or an unexpected denial of a credit card application. If you suspect your identity has been stolen, contact your bank and place a fraud alert on your credit report by contacting one of the three major credit bureaus: Equifax, Experian or TransUnion.
Justin Jennings is regional president of New Hampshire and Terra Carnrike-Granata is senior director of information security for NBT Bank.
