This article was provided by Advanced Fraud Solutions.
Small and midsize businesses (SMBs) are increasingly falling victim to fraud operators. Most SMBs believe they won’t be targeted, given their size – they’re wrong. According to the Association for Financial Professionals (AFP), in 2020, 74% of organizations were targets of payment scams.
According to the fraud experts at Advanced Fraud Solutions, here are the most common fraud tactics currently being deployed to defraud SMBs.
Payroll fraud ranges from exaggerated time worked, to disbursements sent to “ghost” employees and business email compromise schemes. The goal, from a fraudster’s perspective, is to misdirect funds, and to continue to do so on an ongoing basis, undetected. Payroll fraud is one of the most common accounting frauds and employment theft schemes.
Ghost Employee Fraud
A type of payroll fraud, ghost employees are employees on paper only. Ghost employee fraud is when an employee deceives the accounting department of a business by making up an employee to receive payroll checks. Payments are then directed into the fraudster’s account. Given the real employee’s access to payroll, these schemes can go undetected for months, even years.
Fictitious vendor scams typically result from an inside job, with an employee either falling victim to social engineering, or acting on their own to change the receiver’s banking account information. Duplicate invoices are also common, and involve an inside fraud operator duplicating an expected vendor payment, and directing that duplicate payment to a controlled, shell account.
Business Email Compromise
Business email compromise – an increasingly common and dangerous fraud tactic – is when a fraud operator either employs social engineering to dupe an employee into misdirecting payments, or installs malicious software (malware) on a machine with sensitive payments data. In either instance, fraud operators mimic real employees or vendors and have the business misdirect funds into the fraudster’s account. Business email compromise is becoming increasingly sophisticated – in ‘spear phishing’ cases, fraudsters will mimic or take over the email or phone of senior leadership in order to socially engineer these payments.