Safe Treasury Management Tips

July 5, 2022
Woman working on her finances. Sandy Spring Bank.

Every business wants to prevent fraud and financial crime. These days, cyber criminals are becoming smarter and savvier seemingly every day. Safely managing business cash flow can seem like a daunting challenge. But with the right knowledge and tools in your cybersecurity toolkit, you can help keep your company’s money safe. 

Understanding Business Email Compromise

Business Email Compromise (BEC) is one of the most common types of payment and business fraud. With BEC, fraudsters disguise themselves as a trusted person, such as a business owner or C-level executive, to trick a recipient into transferring money via wire transfer, ACH, or check. BEC may also take on the form of a fake invoice from a compromised supplier or vendor email address.

The most daunting aspect of BEC scams is that once a transaction has occurred, it’s often very difficult, if not impossible, to retrieve lost funds. Here are some ways to help you avoid becoming a victim:

  • Focus on employee education and awareness.
    Employees are the first line of defense against email compromise. Education is often the best prevention against fraud. A strong security program paired with employee training about warning signs, safe practices, and how to respond to a suspected scam email are essential to protecting your company’s funds.
  • Pick up the phone.
    Never accept or facilitate a wire transfer via email. If you receive an email asking you to transfer or wire funds, pick up the phone and call the sender directly to verify. Also, never click any phone numbers or links contained within the suspicious email. Call the person directly on a trusted phone number or locate the company’s main number online.
  • Protect your email.
    It’s critical to protect your company’s cyber environment. Do not use unprotected internet connections, encrypt sensitive data, and keep computers updated with the latest virus protection. Be sure all employees are using complex passwords and changing them periodically.
  • React quickly.
    If you do become a victim of a BEC scam, it’s important to contact your bank immediately and request that they contact the financial institution where the transfer was sent. At Sandy Spring Bank, we always do our best to immediately contact the receiving bank to request that it place a hold on the funds. Swift client action is critical to helping us attempt to recover your money.   

Preventing Unauthorized Transactions 

With check and ACH fraud on the rise, Sandy Spring Bank offers fraud prevention tools that help businesses take a proactive approach to unauthorized transactions.

From high-tech counterfeit checks to simple forgeries, business checking accounts are hot targets for fraudsters. Check Positive Pay is a treasury management product available to all commercial clients that serves as early warning fraud detection system. It allows you to electronically share your company’s check register for all written checks including precise specifications such as amount, serial number, check date, etc. Based on this information, the bank will only pay the checks listed on the register according to these specifications.

ACH Positive Pay works similarly. It allows you to prevent unauthorized electronic debits from posting to your business account by controlling who you accept ACH transactions from. Users can also create filters to allow specific transaction types to post (such as payroll or other standard payments) automatically while also preventing other transaction types, including those over a certain amount.

Client Advocacy

Fraud isn’t always easy to spot. In fact, people often think they’ll immediately recognize a scam email because of misspelled words, fake email addresses, bogus links, and more. But hackers are smart and spotting a scam email is getting more challenging. To help you step up your defenses, here are three common types of scams to watch out for: 

  • CEO Fraud:
    Attackers hijack the email of a business owner or high-level executive, such as the CEO or CFO, and request that an employee urgently wire money, transfer funds, or make an immediate purchase. Most importantly, ensure your employees know how to spot these emails and what to do if they encounter one. Create a policy that requires them to call the sender first for verification before taking any type of action. 
     
  • Fake Invoice Scam:
    Scammers impersonate company suppliers and request payments to an account, which appears to be from a trusted organization. And because businesses are so used to paying invoices online and via email, this type of scam can be missed and processed as normal. If you receive a suspicious invoice via email, pay close attention to the email address of the sender. Also, take note of what you are being billed for. Do the items and cost match something you’ve purchased? 
     
  • Overdue Taxes Scam:
    A business receives a call from an individual purporting to work for the IRS, who informs the business that it owes money to the IRS, and the business owner will be arrested if funds are not wired that day.  This can cause a business owner or employee to panic, come to the bank, and initiate a wire to an individual account outside the U.S. The most important thing to remember is that the IRS will never call you. They send letters and will never request funds to be sent to an individual or to another country. 

Unfortunately, fraud continues to be rampant throughout the world. That’s why it’s so important to be sure business owners and employees are aware of the methods and tactics cyber criminals use to trick individuals into unknowingly transferring company funds, paying bogus invoices, or committing wire fraud. At Sandy Spring Bank, we’re here to help our clients protect their business and keep their money safe from scammers. 

If you suspect that you’ve been a victim of fraud, immediately contact the Commercial Business Center at Sandy Spring Bank at 866.867.1570. You should also file a complaint with either the FBI’s Internet Crime Complaint Center (IC3) or your local FBI field office.

Learn more about ways to protect you and your information. »