Last few weeks have seen an amazing amount of money movement. Fed stepped in to backstop Silicon Valley Bank (SVB) depositors on March 10. And yesterday (March 27) it was announced that First Citizens Bank & Trust is acquiring SVB. In the last couple of weeks, individuals, corporations and startups have moved 100s of billions of dollars from SVB to many other banks.
When so much value is changing hands so quickly. the immediate financial risk to companies becomes fraud.
When fraudsters see people are nervous and moving money quickly, fraudsters ramp up activity. They see opportunity.
Here are 5 tips to prevent and detect potential fraud and account takeovers for those who have switched banks (or plan to):
1. Phishing frequency will be high
This fraud vector will be the most common. Examples you may see:
- Emails from fake people trying to get you to switch to their fake bank
- Emails with links to sites with URLs that look almost legit (one character off)
- SMS with the same techniques
Fraudsters will target everyone from founders to brand-new employees.
If you are sending emails to your customers for them to update payments to your new bank account, we highly recommend not to have any links inside those emails. Provide the account number, routing number details within the email body itself.
If you work in Account Receivables / Account Payables (AR/AP), never click a payment details link that you see in the email. Instead, first hover over the URL and make sure it is coming from the domain belonging to the vendor. Further, type the URL directly into the browser while verifying in the browser's padlock that the domain is secure (https).
2. Invoice scams go directly for your money
If payments weren’t stopped on Friday or over the weekend, some invoices may have gotten lost in transfer.
Fraudsters see this, create fake emails impersonating CEOs, and send new invoices / billing info claiming they never received the transfer.
They’ll direct you to their own bank accounts.
Double-verify all payment requests through usual channels of communication with your clients and vendors.
We recommend never to trust individuals emails as those could have been taken over. Instead only trust communications coming from email alias you have previously interacted with e.g. billing@.
3. Fake news becomes common with the speed of information
When information moves at the speed of social media, people forget to verify original sources.
Keep a healthy level of skepticism when news moves this fast, especially if it’s prompting you to take action.
4. Pay attention to accounts payable and receivable
If you run an accounts receivables/accounts payables company, monitor how new payees are being created in your portal. You want to make sure that the person adding the new payee isn’t a fraudster who took over the account of an admin.
Use context around the device identity during the session – was this a brand new device ID or a brand new IP-address never seen associated with the payee? Sardine can help with our device intelligence and behavioral biometrics solution.
When someone provides bank details for a new accounts payable, make sure you can verify account validity of that bank account as well as ownership (does the account number, routing number, name and address match)? Sardine taps into multiple bank-led consortiums and we can help.
5. Proper controls are a must now, not next week
If you just moved to a new bank, sitting on it for a few days is tempting. Instead, set up these precautions ASAP:
- Two-factor authentication
- No self-approvals allowed
- Limit the number of account admins
It won’t take long, and these simple measures go a long way.
Fraud is not a problem until it’s the only problem. It’s been a crazy few weeks, take these precautions now to protect your company.
Please contact us if you have any questions and if we can help you or your financial institution in any way with advice on how to beef up account security and prevent costly account takeovers.