Business Fraud Trends in Eastern Iowa


Keeping up with fraud trends can be challenging for any business. That’s why we’re dedicated to sharing insights on fraud trends reported by businesses like yours, to empower you with the knowledge to safeguard your assets effectively!

Table of ContentsFraud Mitigation Services


Key Takeaways

1

Secure Your Mail: Use secure mailboxes or postal services to prevent mailbox theft.

2

Maintain Security Software: Keep computers protected with updated anti-virus and anti-malware software to prevent ransomware attacks. 

3

Implement Internal Verification Procedures: For wire transfers, establish verification procedures or a dual control system to prevent fraudulent transactions.

4

Verify Vendor Payment Requests: Always confirm wire instructions directly with vendors to avoid fraudulent payment requests.

5

Ensure POS Security: Verify that your POS software provider is certified and limit remote access to prevent compromise.

6

Proactive Measures Are Key: Implementing preventative measures before an incident occurs is crucial for protecting your business against fraud.

Mailbox Theft

Mail theft poses serious risks to your financial security. Fraudsters can create counterfeit checks or manipulate your account when checks are intercepted.

What Happens?

You mail a payment to your vendor, but after several weeks, the vendor informs you that the check has yet to arrive. You find this odd but decide to re-issue the check.

You may or may not have stopped payment on the original check. Subsequently, during account reconciliation, you discover several unfamiliar checks have cleared your account.

What is the Result?

You contact FSB with your concerns and discover that your account has been compromised and counterfeit checks have been created and cashed.

FSB immediately places your account on hold, subjecting all transactions to manual review, and needs your approval.

A crucial decision arises: do you close your long-standing account and open a new one or incorporate fraud mitigation services?

How Can You Prevent This?

  • Secure Your Mail: Use secure mailboxes or the post office to control your mail dispatch process for all outgoing mail.

  • Explore Alternate Payment Methods: Consider reducing the number of checks you write by exploring alternate payment methods like credit cards or electronic payments. For assistance, contact FSB’s Treasury Management Officer, Kallie Herink.

This type of fraud typically occurs when fraudsters, visiting the area a few times each month, extract checks from mailboxes.

Typically, it's the vendor's mailbox that is compromised. Fraudsters will either produce counterfeit checks immediately or defraud the accounts they picked up on a prior run through town.

Ransomware

Ransomware can paralyze your business, blocking access to crucial files and demanding a ransom. Prevention and preparation are essential to defend against this growing threat.

What Happens?

You arrive at the office and power up your computer, expecting the usual welcome screen. Instead, a cryptic message informs you that your files have been encrypted, and a $1,000 payment is demanded to retrieve them. 

What is the Result?

Your company faces a critical decision: pay the ransom to regain access to your files or attempt to restore them from your most recent backup, hoping it’s up-to-date.

Regrettably, neither FSB nor the authorities can assist in recovering your encrypted files. 

How Can You Prevent This?

  • Maintain Security Software: Ensure your computers have up-to-date anti-virus and anti-malware software.

  • Update Regularly: Regularly update your systems with the latest software patches to avoid vulnerabilities.

  • Be Cautious with Emails: Avoid clicking on links in unsolicited emails.

Once an attack has occurred, it’s too late to formulate a plan. Proactive measures and preparedness are your best defenses against ransomware attacks.

Wire Fraud

Wire fraud schemes increasingly target businesses through deceptive emails and vendor invoices.

Scenario #1: Deceptive CEO Email

What Happens?

A trusted employee receives an email, seemingly from the CEO, urgently requesting a wire transfer for goods or services, often instructing to “code to admin expenses.

Having infiltrated the company’s systems, fraudsters choose a hectic day filled with meetings or travel to strike. Following the urgent instructions in the email, the employee promptly forwards it to the bank for processing. 

What is the Result?

Whenever wire requests are submitted, FSB has procedures to call an account signer or an employee authorized for wires to verify the request.

While our policies have prevented numerous fraudulent wires, they are not foolproof.

The transfer will likely proceed if the employee is authorized to submit wires. Once a wire is dispatched from FSB, recovering it is nearly impossible, making wire transfers a preferred method for fraudsters. 

How Can You Prevent This?

  • Implement Internal Verification Procedures: Establish internal procedures for wire verification or enact a dual control system where one person requests the wire, and another approves it upon callback, fostering internal cross-checking.

  • Verify Email Requests: If you receive a suspicious email request, forward it back to the supposed requester by manually typing in their email address, avoiding the “reply” option, which would return the email to the fraudster. This method isn’t foolproof but is a safer alternative.

Scenario #2: Fraudulent Vendor Payment Requests

What Happens?

Fraudulent vendor payment requests are becoming increasingly common. This typically occurs when your system or email has been compromised.

Fraudsters monitor your activity, waiting for you to purchase from a vendor. Subsequently, they send you an invoice, seemingly from that same vendor, with wire instructions.

Assuming the invoice is legitimate, you proceed with the payment. 

What is the Result?

A month after the wire transfer, you receive a call from your vendor’s Accounts Payable department inquiring about the overdue payment.

Then you realize that the funds were wired to a fraudster and are irretrievable. Unfortunately, FSB’s callback procedures are not designed to intercept this fraud. 

How Can You Prevent This?

  • Verify Wire Instructions Verbally: Establish a protocol to verbally confirm wire instructions with any vendor sending them via email or as an email attachment.

  • Use Known Contact Information: If you receive an invoice with wire instructions via email, call your vendor directly using the contact information you have on file, not the one provided in the suspicious invoice, to verify the instructions and the invoice.

Debit/Credit Card Point-Of-Sale (POS) System Compromise

POS system compromises can expose your customers' card data to fraud, resulting in financial and reputational damage to your business.

What Happens?

Concerns arise as regular customers report that their debit or credit cards have been compromised, suspecting it occurred when they made purchases at your store.

Initially, it doesn’t raise too many alarms until the volume of similar complaints increases. A few days later, local authorities approach you with inquiries about your Point-of-Sale system.

Upon investigation, it’s discovered that malware had been clandestinely installed on your computer system, capturing every card swiped on your machines over the past month and transmitting the data to a criminal entity in Russia.

Further, it’s revealed that the technician who provides your POS system support was hacked, and his remote login credentials were used to place the malware on your system.

What is the Result?

The security breach on your POS system becomes local news, alerting everyone who used their card at your store in the past several weeks about the compromise.

This results in disgruntled customers and a loss of business as people become wary of having their cards compromised at your store. 

How Can You Prevent This?

  • Ensure Your POS Provider is Certified: Verify that your POS software provider is on the certified QIR List. If they aren’t, they may not fully comprehend the risks associated with your payment system.

  • Limit Remote Access: Avoid allowing unlimited access to your computer system through remote access programs like LogMeIn, RemotePC, pcAnywhere, and GoToMyPC. Forensic investigations have shown that remote access is a primary method used by fraudsters to infiltrate merchant systems and install specialized POS malware.

  • Implement Two-Factor Authentication: Consult with your system technician about incorporating two-factor authentication for remote access to your system. Alternatively, activate the remote access only when your technician needs it and deactivate it once the work is complete.

By implementing these preventative measures, you can significantly reduce the risk of a security breach and protect your business and customers from potential compromises.

Real Cases, Real Solutions

These instances are not hypothetical; they represent cases in Eastern Iowa. We hope that by sharing these insights, we can help you to bolster your organization's security effectively.

For any queries or additional information, please don't hesitate to contact FSB’s Treasury Management Officer, Kallie Herink.

Cathy Ehnen - Fraud Prevention Expert at Farmers State Bank (Marion, IA)

Written by

Cathy Ehnen

Since starting at FSB in 1991, Cathy has built a wealth of experience, spending over two decades in Retail Operations before joining the Fraud Department in 2016.

She regularly attends fraud prevention seminars and maintains strong connections with local financial institutions and law enforcement. Cathy serves as FSB's first line of defense in fraud prevention and is committed to safeguarding customers and the bank.

Questions about fraud? Contact Cathy today!

Call: 319-730-6970
Email: CathyEhnen@fsbmail.net

Related Articles

Business owner questioning if it's time to expand his business with a loan from FSB in Iowa.

Is It Time to Expand?

Evaluate the right moment to scale your business for greater success.

Business Expansion Tips


Business customer looking at maximizing their banking experience with FSB in Eastern Iowa.

Get the Most From Your Bank

Learn how to maximize your banking experience to support your business.

Maximize Your Business Benefits


Customer researching how they can get a SBA loan for their business

Securing an SBA Loan

Discover best practices to follow when trying to secure an SBA Loan.

How to Apply For an SBA Loan