Online Fraud on the Rise
By Dan Werme and Terra Carnrike-Granata
We’re all aware of the many ways scammers are working to defraud individuals out of their hard-earned money. But small businesses continue to be in the crosshairs of today’s online criminals.
The Federal Trade Commission highlights a wide range of fraudulent schemes targeting businesses, including scams involving fake invoices and unordered merchandise, online listings and advertising, credit card processing and equipment leasing, tech support, altering online reviews, bank and business impersonation scams, and the list goes on.
In its 2024 Internet Crime Report, released earlier this year, the FBI showed that business email compromises resulted in $2.77 billion in losses to businesses. Phishing or spoofing scams, defined by the FBI as “the use of unsolicited email, text messages, and telephone calls purportedly from a legitimate company requesting personal, financial, and/or login credentials,” were the cause of $70 million in losses. Other scams, like tech support and personal data breaches, resulted in losses exceeding $1.4 billion.
In all, businesses and individuals lost a record $16.6 billion to cybercriminals last year, and projections are that scams driven by artificial intelligence (AI) could result in as much as $40 billion in losses by 2027.
Terra Carnrike-Granata
Dan Werme
“In all, businesses and individuals lost a record $16.6 billion to cybercriminals last year, and projections are that scams driven by artificial intelligence (AI) could result in as much as $40 billion in losses by 2027.”
Protecting your company’s valuable financial assets starts with internal security; a few simple steps can go a long way in protecting your business from external threats. Your business should:
• Trust but verify whenever you receive a request for payment or invoice changes from customers, vendors, or partners. It is important to make direct contact using a trusted phone number to confirm the instructions aren’t coming from a scammer.
• Implement good computer security practices. It’s essential to establish and maintain basic security procedures and controls for your business, and to update and distribute these to all employees regularly.
• Safeguard your information. Some simple steps include installing commercial antivirus software on all computers, ensuring those programs are updated regularly, and installing spyware detection programs.
• Educate your employees. A robust security program, combined with awareness of warning signs, safe practices, and responses to a suspected takeover, is crucial for protecting your company and its customers.
• Protect your online environment. Do not use unprotected internet connections. Encrypt sensitive data and keep your computer up to date with the latest virus protections. Use complex passwords and change them periodically.
• Partner with your bank to prevent unauthorized transactions.
• Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop-ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity, and remove any systems that may have been compromised. Keep records of what happened. And never share one-time pins, especially if you receive a call from someone claiming to be your financial institution. Banks don’t ask that.
• Understand your responsibilities and liabilities. The account agreement with your bank will outline the commercially reasonable security measures required for your business. You must understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover.
What to Do After an Incident
Despite taking these critical steps, businesses can sometimes be victimized by cybercriminals. In such cases, immediate action is crucial to help limit the damage or loss.
In the event of a cybercrime incident, several steps should be taken. First and most important, cease all activity on your computer system immediately, contact your bank, and change your online banking passwords. Other actions include opening new accounts, filing reports with local police and the FBI’s Internet Crime Complaint Center, and keeping meticulous records of events around the hack.
If you’ve lost your business’s credit or debit cards or checks, contact your bank.
If you think you’re being scammed through email, remember that financial institutions will never ask for personal information or account access credentials in an email. Don’t click on any links or respond to the message — delete the email and check your computer for spyware or other malware and contact your bank.
Identity theft can impact businesses as well as individuals, and there are several ways to know if you have been victimized. They include notices or emails telling you that your account information has been updated or that your information may have been compromised, bills or collection calls for accounts you’ve never opened, unknown accounts or inquiries that appear on your credit report, or an unexpected denial of a credit card application. If you suspect your identity has been stolen, contact your bank and place a fraud alert on your credit report by contacting one of the three major credit bureaus: Equifax, Experian, or TransUnion.
In our increasingly digital world, threats abound, with the growth of AI-based scams exponentially increasing those threats. NBT Bank’s Business Fraud Information Center provides a full range of resources and information to help keep your business secure. We work to provide up-to-date fraud information and alerts to help ensure your business won’t be one of the thousands victimized by scammers.
Dan Werme is regional president of Massachusetts for NBT Bank, which serves commercial and retail banking clients at locations in North Adams, Pittsfield, Lee, Great Barrington, South Egremont, and Sheffield. Terra Carnrike-Granata is senior director of Information Security at NBT Bank, where she designs and implements sophisticated controls to prevent loss and mitigate risk, while also developing innovative ways to educate consumers and businesses on cyber threats.
“In a move that drastically shifts federal energy policy, the act eliminates or shortens a range of green energy tax credits introduced in the Inflation Reduction Act.”
“Setting a budget is critical for young professionals who are often balancing myriad expenses, like school and car loans, rent and utility payments, entertainment, and more for the first time.”
“Employers here should start thinking about where their policies, programs, and practices are situated in the growing divide between Massachusetts’ liberal employment laws and the Trump administration’s new policies.”
“When leaders understand what their team members are capable of, they can align tasks and goals in ways that challenge without overwhelming. Coaching helps bridge the gap between raw potential and real-world performance.”
“Trusts are among the most powerful tools in estate and asset protection planning. A trust is a legal arrangement where a trustee holds and manages assets on behalf of a beneficiary.”
