How Much Are You Prepared to Lose?

Protecting Against BEC Scams and Phone Spoofing

In today's digital landscape, businesses face an ever-present threat from cybercriminals seeking to exploit vulnerabilities for financial gain. In this article, we'll explore the dangers of Banking scams and provide practical tips to protect your business against these threats.

Understanding the Threats

Banking scams involve cybercriminals impersonating trusted individuals within a company, such as executives or financial officers, to deceive employees into transferring funds or divulging sensitive information. These scams often begin with a fraudulent communication such as an email, phone call, or text message that appears to be from a legitimate source, such as a bank or financial institution.

• Cybercriminals often try to hack legitimate email systems and then use those email addresses to communicate with their victims, who believe they are receiving an email from a trusted partner.
• Fraudsters can also manipulate caller ID information to make it appear as though a phone call or text message is coming from a legitimate source, such as a bank or financial institution.

Banking scams may involve attackers impersonating representatives from financial institutions and requesting sensitive account details or login information. Fraudsters attempt to trick businesses into divulging sensitive information or transferring funds with a compelling story such as a security alert or transaction verification. Their communication typically requests urgent action from the recipient, such as verifying account details or updating login information.

Ways to Protect Your Business

If you have any suspicions about the legitimacy of a communication, it's crucial to take immediate action to protect your business. To protect your business against Banking scams, it's important to remain vigilant and skeptical of unsolicited emails, phone calls, and text messages.

1. Do not trust unsolicited emails, calls, or texts: If you receive a communication that appears to be from your bank or financial institution, take steps to verify the sender’s identity before providing any sensitive information. Ask for the person’s name, title, and department, and independently verify their identity by calling the bank's official phone number using trusted contact information.

2. Verify Requests for Sensitive Information: Encourage a culture of skepticism when it comes to requests for sensitive information, whether it's via email or phone. Before providing any sensitive information or changing recipient banking information, verify the identity of the requester using trusted contact information, such as a verified phone number or secure online portal.

3. Enroll in Positive Pay: Protect your business from fraud before it happens with Quad City Bank & Trust Positive Pay solutions. Our Check Positive Pay service gives you more control over your payments, allowing you to make informed decisions about suspicious check activity. When checks are presented for payment, they are compared to the issued check files uploaded, and designated users can review to approve or return them, with email notifications for items needing attention. Our Payee Check Positive Pay adds an extra layer of security by verifying payee information. With ACH Positive Pay, we extend this protection to electronic transactions, flagging unauthorized ACH debits for review and controlled approval based on pre-set criteria including dollar amount and Company IDs. These services not only safeguard against fraudulent checks but also streamline your account reconciliation process. If you need assistance or have concerns about fraud detection, please don't hesitate to contact our Treasury Management team at 563.468.5602 or email treasurymanagement@qcbt.com.

4. Implement Dual Control for outgoing transactions: Utilize dual controls when sending money outside of the Bank through ACH and Wire Transfers. Assure that you have users that are set up with Draft Only permissions (prepare batches for submission) and users that are set up with Approve Only permissions. It is also recommended to implement Dual Controls for Recipient (Beneficiary) Management. This feature requires a second user to review and approve additions/deletions/changes to ACH and Wire recipients. These additional measures will protect your business from unauthorized transmissions as well as internal processing errors.

5. Implement Dollar Limits by User for outgoing transactions: Assure that your online banking users are appropriately drafting and approving batches that fit their daily responsibilities. Dual control can also be implemented based on user limits, requiring dual control for transactions over a certain dollar amount.

6. Monitor account balances and transactions daily: Quad City Bank & Trust has enforced password reset and credential ID change alerts. Ensure you also turn on account monitoring notifications through the Alerts feature of Business Online Banking. Responsible employees are alerted on banking transactions and balance thresholds. Leveraging low dollar amount thresholds is the safest way to stay informed.

7. Stay Updated on Security Measures: Regularly review and update your company's security measures to stay ahead of evolving threats. Keep software and systems up to date with the latest security patches and implement robust cybersecurity protocols to protect against unauthorized access.

8. Establish Clear Communication Channels: Establish clear communication channels for employees to report suspicious emails or phone calls. Encourage employees to report any incidents promptly so that appropriate action can be taken to mitigate the risk.

9. Employee Training and Awareness: Educate your employees about the risks posed by Banking scams and phone spoofing. Provide training on how to recognize suspicious emails and phone calls and emphasize the importance of verifying the identity of the sender or caller before divulging sensitive information. It's important to remember that legitimate financial institutions will never ask for such information via email. If you receive an email requesting sensitive account details or login information, it's essential to verify the sender's identity and contact your bank or banker using trusted methods, such as a verified phone number or secure online banking portal.

Our Commitment to Security

At Quad City Bank & Trust we take the security of your business and commercial banking accounts seriously. We employ robust security measures to protect your accounts and transactions from fraudulent activity. However, it's important to understand that while we do everything in our power to stop fraud, we cannot do it alone. We rely on our clients to remain vigilant and proactive in safeguarding their businesses against cyber threats. By working together, we can strengthen your business's defenses and mitigate the risks associated with BEC scams and phone spoofing.

Limited Liability and Client Responsibility

It's essential for our clients to understand that, despite our best efforts, there are limitations to the bank's liability for commercial banking accounts. While we strive to provide a secure banking environment, we cannot guarantee absolute protection against fraud. As such, it's imperative for clients to take proactive measures to mitigate the risks associated with BEC scams and phone spoofing.

Learn more about Positive Pay fraud solutions at qcbt.bank/fraud-prevention-services