Many business owners have questions about protecting themselves from fraud and cybercrime. The risks of these activities can cost your business time and money. They can even affect your customers and reputation.

The tactics used by bad actors evolve constantly, and they go beyond technology. They are often a people and process issue, too. Fraudsters frequently exploit human behavior, targeting decision-making and operational vulnerabilities. They use a mix of old and new methods, from paper checks and mail to email and banking or payment platforms. AI is also making it easier to trick or deceive you and your staff.

Terms You Should Know

  • Fraudster: Uses either traditional methods, such as check or mail fraud and scams, or digital methods, such as social engineering, hacking and phishing, to gain unauthorized access for financial gain; may also be called a cybercriminal.
  • Social Engineering: Manipulates people into revealing confidential information or performing actions that compromise security.
  • Phishing: Uses fake messages, often via email, to trick recipients into sharing sensitive information or clicking malicious links.

Understanding these threats and applying practical safeguards can help businesses protect their finances, employees, and customers from evolving fraud tactics.

The Rise of Check Fraud: Still a Threat

Many businesses still rely on traditional payment methods like paper checks. Check fraud may seem like an outdated crime in the digital age, but it remains a significant threat.

In the past, criminals would often create counterfeit checks to steal funds from a business. This form of check fraud is less common today. Instead, they steal legitimate checks directly from the mail (such as from public blue collection boxes, unsecured mailrooms, or onsite boxes for sending and receiving mail). Fraudsters then slightly modify the business name on an intercepted check, such as changing Acme Company to Acme & Company, and deposit it into a fraudulent account without raising immediate suspicion.

More advanced check fraud schemes can involve organized groups that steal large volumes of mail, using sophisticated techniques to alter and cash checks, changing payee information or check amounts. They exploit the routine nature of business operations, knowing that batches of checks sent for vendor payments or payroll can be lucrative targets.

How to Protect Your Business:

Staying vigilant and adopting secure payment practices can help your business avoid the costly impact of check fraud.

  • Go Digital: Transition to electronic payments whenever possible. Digital transactions reduce the risk of interception and provide better tracking.
  • Secure Your Mail: Use locked mailboxes, collect mail promptly, or consider using a P.O. Box for sensitive correspondence.
  • Monitor Accounts: Regularly review your bank statements for unauthorized transactions and reconcile accounts promptly.
  • Bank Services: Work with your bank to implement Positive Pay, a service that verifies checks presented for payment against a list of issued checks, and other Account Reconciliation tools. M&T can help with these services; meet with a banker to help figure out the right solution for your business.
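
The matching idea behind Positive Pay, applied to the altered-payee and altered-amount schemes described above. This is an added example, not any bank's actual implementation; the record layout, function names and sample checks are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Check:
    number: str
    payee: str
    amount_cents: int

def normalize_payee(name):
    # Ignore case and spacing only. Punctuation and "&" are kept on purpose,
    # so "Acme & Company" does not match "Acme Company".
    return re.sub(r"\s+", " ", name).strip().upper()

def positive_pay(issued, presented):
    """Compare presented checks with the issue file; return (number, decision, reasons)."""
    register = {c.number: c for c in issued}
    paid = set()
    results = []
    for item in presented:
        reasons = []
        record = register.get(item.number)
        if record is None:
            reasons.append("not in issue file")
        else:
            if item.number in paid:
                reasons.append("duplicate presentment")
            if item.amount_cents != record.amount_cents:
                reasons.append("amount altered")
            if normalize_payee(item.payee) != normalize_payee(record.payee):
                reasons.append("payee altered")
        if not reasons:
            paid.add(item.number)
        results.append((item.number, "HOLD" if reasons else "PAY", reasons))
    return results

# Constructed sample data: the list the business sent to the bank...
ISSUED = [Check("1001", "Acme Company", 125000),
          Check("1002", "Northside Supply LLC", 48050),
          Check("1003", "Harbor Logistics Inc", 910000)]
# ...and the checks later presented for payment.
PRESENTED = [Check("1001", "Acme & Company", 125000),         # payee changed
             Check("1002", "northside supply  llc", 48050),   # legitimate
             Check("1003", "Harbor Logistics Inc", 970000),   # amount changed
             Check("1002", "Northside Supply LLC", 48050),    # presented twice
             Check("2044", "Acme Company", 30000)]            # never issued

if __name__ == "__main__":
    for number, decision, reasons in positive_pay(ISSUED, PRESENTED):
        print(number, decision, "; ".join(reasons))
```

Held items are exceptions for a person to review and approve or return, which is why the issue list needs to reach the bank before the checks go in the mail.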

Social Engineering: The Biggest Weakness

The weakest point in protecting your business from fraud is often human credibility and error. Fraudsters use deception to manipulate people into providing access to secure locations and technology, sending money, or sharing sensitive information.

The psychology of social engineering exploits trust, urgency, and authority to trick individuals and businesses into making costly mistakes. Many attempts will use a combination of all three.

For example, someone may exploit trust by presenting themselves as a maintenance worker, vendor, or customer service representative and asking for access to your physical locations or digital systems. One version is trying to reset a password and then calling to ask for one-time passcodes to gain unauthorized access to accounts.

Urgency can also mislead your staff to provide payments or release funds. A bad actor might tell you a particular payment is needed to avoid canceling a service or to allow a transaction to go through, insisting that someone act now.

Finally, authority can also be deceptive, with someone pretending to be an executive using an unknown number or email address to ask for fund transfers or passwords. Your staff may respond positively because they want to do what their leadership asks.

How to Protect Your Business:

Promoting a culture of awareness and caution can significantly reduce your business's exposure to social engineering attacks.

  • Train Employees: Regularly educate staff on how to identify common scams and suspicious activities.
  • Verify Transactions: Implement secondary verification from an additional person at your company for all financial transactions, especially those involving large sums.
  • Reconfirm Requests: When a caller asks for an immediate payment, ask to return the call, then call your provider back using its primary number. Go directly to websites or make calls rather than replying to emails.
  • Clarify Security Protocols: Reinforce that banks and other service providers will never ask for passcodes, user IDs, or other sensitive credentials over the phone or via email.

Digital Payments: Trust But Verify

Digital payment methods are becoming increasingly prevalent in business operations due to their speed and convenience. Options include bank services like Zelle, business credit card transactions, and digital wallets such as PayPal.

Scammers exploit the benefits of fast digital payments by trying to capitalize on quick decision-making processes. For example, they may send fake vendor invoices that look authentic, complete with logos and legitimate-looking details and links for easy payment options. These invoices often contain subtle discrepancies, such as slightly altered account numbers, which can easily go unnoticed if staff rush through or skip payment verification steps.

In other cases, scammers compromise business accounts through phishing attacks, gaining unauthorized access to digital wallets or payment platforms. The most common method is an email that looks like it comes from a vendor or a well-known company, with a link that requests payment or steals login details. Once someone has access, they can initiate transactions that appear routine, making fraudulent activity harder to detect until it's too late. Additionally, they can manipulate stored payment logins or set up unauthorized small recurring payments, draining funds over time.

How to Protect Your Business:

By combining secure payment practices with employee awareness, businesses can confidently utilize instant payment platforms while minimizing the risk of fraud.

  • Verify Recipients: Only send payments to verified and trusted contacts, confirming details directly with vendors or partners.
  • Dual Approvals: Set up dual authorization for high-value transactions, requiring approval from two individuals within the company.
  • Employee Training: Regularly train staff to pause and verify payment requests, especially those with a sense of urgency or unfamiliar account details.
  • Monitor Transactions: Use payment platform security features to track transaction activity, review it regularly, and receive alerts for suspicious behavior.

Deepfakes and AI: The Leading Edge of Fraud

The advanced frontier of fraud is being shaped by AI and deepfake technology (i.e., using AI to simulate someone's voice or appearance). Fraudsters now use AI to impersonate executives, vendors, or trusted contacts. These tools can even seem like live phone calls or video meetings, making scams more believable than ever before. For example, a scammer might fake a call from a company leader, requesting an urgent fund transfer with a voice that sounds nearly identical to the real person.

This technology blurs the line between legitimate and fraudulent communication, posing a significant business risk. It is likely to become more common as AI advances.

To counter these threats, companies should require secondary verification for financial approvals, educate employees about the signs of AI-driven fraud, and approach unexpected, high-pressure requests with heightened skepticism. Remember that AI is merely a new and powerful way to accomplish social engineering.

Protect Yourself

  • See something, say something
  • Ignore unsolicited emails
  • Use email services that incorporate phishing defenses
  • Be aware of the latest scams
  • Protect your "digital identity"

Protect Your Access

  • Use two-factor authentication
  • Use complex passwords: DO NOT SHARE
  • Change passwords regularly
  • Use a password keeper/generator app
  • Use unique passwords

Protect Your Business

  • Investigate employees and vendors
  • Update for terminations
  • Always confirm instructions verbally
  • Segregate duties
  • Work with vendors to be sure they are secure
  • Make cybersecurity a regular conversation
  • Create security awareness training for all employees

Protect Your Technology

  • Use anti-virus and anti-spam software
  • Use dedicated computers
  • Log off computers
  • Install software updates promptly to patch vulnerabilities
  • Keep a consistent schedule for backups
  • Use anti-virus software for all devices including phones

Protect Your Payments

  • Safeguard check stock
  • Audit randomly
  • Reconcile accounts daily
  • Establish dual approval
  • Explore fraud protection services on bank accounts
  • Explore cyber/fraud insurance
  • Establish payments procedures and follow them
  • Dual administration
  • Review transactions regularly

Want to learn more? We’re here to help.

Fraudsters are constantly evolving their tactics, but businesses can stay ahead by staying informed and proactive. While check fraud and social engineering remain the most common threats, emerging technologies like instant payment systems and AI-driven scams are making fraud harder to detect. The most resilient businesses will reduce risk by combining employee education, strong internal controls, and digital security measures. By fostering a culture of vigilance and implementing practical safeguards, business owners can protect their operations, employees, and customers from the growing landscape of fraud threats.