If your company makes payments or moves money, there’s a good chance cybercriminals may target your business at some point in the near future. The more you know about today’s popular fraud techniques—and the best ways to protect your people and your systems—the better prepared you’ll be.
Test your fraud prevention knowledge with these true or false situations.
1. True or false: Fraud attempts decreased in 2023 compared to previous years.
False. In fact, last year set a record for the most publicly disclosed security compromises. More than 3,200 incidents were reported in 2023—up 43 percent compared to 2022. According to the latest AFP survey, 80 percent of organizations admitted being targets of actual or attempted payments fraud in 2023. Businesses of all sizes, all industries, can be at risk, so it’s best to stay connected to current knowledge and be vigilant across your organization.
2. True or false: Generative artificial intelligence (Gen AI) capabilities can make today’s fraud attempts more difficult to detect.
True. Cybercriminals are leveraging Gen AI to automate their tactics, scale up the frequency of attacks, and dramatically improve quality. For example, it’s no longer enough to look for sloppy grammar, bad pronunciation, and poorly designed websites as markers of fraud attempts. With Gen AI, fraudsters can produce sophisticated phishing emails and deceptive text messages, as well as realistic deepfake calls and videos that impersonate trusted sources. These attackers know that employees are more likely to process a fraudulent payment if they think the request comes from their boss, a colleague, a supplier, or the CFO.
3. True or false: ACH transactions are now the most targeted payment method.
False. Paper checks—especially those delivered through the mail—remain the payment method most susceptible to fraud. In 2023, 65 percent of organizations experienced actual or attempted check fraud; 20 percent reported interference with U.S. mail as criminals try and obtain paper checks—up 10 points from the previous year’s survey.
Checks may be the most common target, but digital payment methods are not immune from fraud. It’s vital to protect ACH credits and debits, wire transfers, and instant payment methods from fraud as well.
4. True or false: Most employees can detect suspicious activity and follow fraud prevention guidelines naturally; ongoing education is unnecessary.
False. People are actually one of the most vulnerable entry points targeted by criminals. Even well-intentioned staff and suppliers can fall victim to fraudsters’ schemes, often when they’re in a hurry, under pressure, or distracted at work.
In a recent survey on phishing, 7 out of 10 employees admitted to taking a risky action last year, such as reusing a password for multiple sites, or accessing company systems on a public wifi network rather than a secure VPN. Fraudsters love to find and exploit these opportunities, making ongoing employee training essential.
5. True or false: Urgent language, requests for secrecy, and communication about payments outside normal channels can all be red flags for potential fraud attempts.
True. Communications from fraudsters often try to trick employees into changing payment instructions, making bogus payments, providing bank account details, or sharing their credentials. When the phone rings or an email arrives with this type of request, remind employees to pause, double-check, and follow procedure. Dual controls on payments, where one employee acts as requestor and a second as approver, can also help reduce your risk.
6. True or false: Unique passwords, biometrics, and two-factor authentication are all good ways to strengthen your defenses against fraudsters.
True. Robust controls help protect your people and your systems. If cybercriminals do manage to obtain a password or account credential, for example, strong controls can help limit your risk. Remember to extend your security protocols beyond your company employees to key suppliers, customers, and trading partners who may access your network and systems.
7. True or false: In the age of “anytime, anywhere” access, securing your company systems should encompass more than just desktops and servers.
True. Consider how often employees conduct business activities on their mobile phones, tablets, and devices, and from remote or hybrid environments. All these situations can become vulnerable entry points for cybercriminals if not well controlled. To reduce your risk, make sure staff connect securely when using their mobile phones and devices; caution employees not to share files or information via text messages or apps.
8. True or false: Cybercriminals actively target operating systems, software, and antivirus programs with out-of-date versions.
True. Most providers issue updates regularly, with many designed specifically to keep bad actors from finding loopholes and backdoors into your systems. Delays in loading these updates, however, can increase your fraud risk. One of the easiest ways to protect your company’s systems is by installing updates, patches, and versions on schedule. Assign dedicated resources and set up monitoring and alerts to find outdated programs. Remind employees to keep their mobile phones and devices current if they connect to your company network or systems.
9. True or false: Business continuity planning (BCP) and regular testing can help you react quickly if you encounter suspicious activity.
True. Organizations that take a proactive approach can respond and recover quickly, should a fraud attempt occur. Start by convening your internal team, identifying potential vulnerabilities or “what if?” scenarios, and determining how to respond. Then test your employees and your systems with realistic drills at least once a year. Use your learnings to continually improve your defenses.
Just as technology and payment methods continue to evolve, so does cybercrime. Fraudsters are masters at adapting and innovating their techniques. Making fraud prevention an ongoing priority will help limit your risk and protect what matters most to your organization.