Frauds Target Businesses: Don't Be a Victim

While large firms may have sophisticated technology and staff dedicated to thwarting crime, many small businesses don't and scammers know this. There are ways to protect yourself as a business owner, and to protect your company's information. Combating fraud starts by understanding some of the tools criminals use.

Corporate Account Takeover (CATO) is a form of identity theft at a corporate level. Cyber criminals acquire a company's credentials like account or other access information through phishing or malware introduced into a system via an internet download or email attachment.

"The most common and dangerous scam for small businesses is account takeover," said Michael Benardo, Chief of the FDIC's Cyber-Fraud and Financial Crimes Section. "By sending fake e-mails and using fake Web sites to deliver malicious software, such as keystroke loggers, fraudsters may be able to obtain the IDs and passwords for online bank accounts and then make withdrawals from accounts." Electronic frauds by third parties can be very costly to businesses, so take them seriously. The FDIC has seen an increase in reports of unauthorized electronic transfers made from bank accounts held by small businesses.

Because businesses are generally not covered by federal consumer protections against unauthorized electronic fund transfers, a bank will likely not be responsible for reimbursing losses associated with a theft from an account if there was negligence on the part of the business. However, the good news is that there are sound practices you can use as a business owner to combat fraud:

  • Don't click on links in or attachments to an unsolicited e-mail that asks for confidential information, even if it appears to be from a company you do business with or the government. Legitimate organizations won't request that kind of information in an e-mail. When in doubt, go to another source to find the organization's contact information so you can independently confirm the validity of the request. 

  • Equip your computers with up-to-date anti-virus software and firewalls (to block unwanted access). Make backup copies of critical business data on every computer. Also monitor account balances regularly, perhaps daily, to look for suspicious or unauthorized activity.

  • Reconcile accounts on a timely basis.

    • The more frequently you reconcile, the sooner you'll be able to identify unusual transactions.
    • Reconcile as frequently as possible with the ultimate goal of daily reconciliation.
    • Utilize online banking for up-to-the minute reporting.

To check out a variety of frauds targeting small businesses and what you can do to stop them, visit the scam alert page at