| Scam Type | How it Works | Protect Yourself |
| --- | --- | --- |
| Business Email Compromise | Fraudsters impersonate an executive, a vendor, or a client via email to trick an employee into sending money or sensitive data. | Implement a verbal confirmation policy. Call the requester using a known, trusted number before authorizing any payment or transfer. Train staff to recognize emails stressing urgency or confidentiality. |
| Fake Invoices & Vendor Fraud | A criminal spoofs a trusted vendor's email and sends a realistic-looking invoice with new, fraudulent bank account details. | Require Multi-Factor Authentication (MFA) for all wire/ACH approvals. Cross-reference all payment details against existing vendor records. Do not rely solely on the email. Use a bank service like Positive Pay for check transactions. |
| Payroll Diversion Fraud | Attackers compromise an employee's email or target HR/Payroll to request that the employee's direct deposit information be switched to a bank account controlled by the hacker. | Mandate in-person or verified phone confirmation for all direct deposit changes. Require a physical form or encrypted portal upload, not just an email request. Audit access privileges for HR/payroll systems regularly. |
| Check Fraud | Criminals physically intercept paper checks, alter the payee name or amount ("washing" the check), or create entirely counterfeit versions for deposit. | Stop using paper checks where possible; switch to secure digital payments (ACH/Wires with MFA). Use Positive Pay to automatically flag altered or unauthorized checks. Store check stock securely and reconcile accounts daily. |