Three Ways the Pandemic has Changed Business Fraud

Times of adversity are known for bringing out the best in humanity. But crises also have a way of exposing the worst in people. The global pandemic provided the perfect cover for thieves who would exploit the current economic, public health and political conditions to defraud businesses for their personal gain.

Pandemic-related fraud is rising.

A recent survey by the Association of Certified Fraud Examiners (ACFE) reveals that 77% of respondents have seen an uptick in fraud since the outbreak began, and they expect it to continue.1 Anti-fraud professionals report increased activity across nearly every business category, with the largest growth seen in insurance fraud, loan and bank fraud, financial statement fraud, and identity theft.

While the outbreak isn't to blame for introducing the problem — fraud and economic crime were at record highs pre-COVID — it does represent a confluence of factors that created an environment to which criminals adapted and are using for nefarious ends.2

Three conditions unique to the pandemic contributed to a distinct rise in certain types of business fraud. But there are ways to mitigate associated risks.

Condition 1: An increase in e-commerce

Social distancing and quarantining led to a surge in e-commerce as consumers and businesses sought to avoid physical contact. Two-thirds of consumers increased online shopping because of the contagion.3 Consequently, e-commerce spending increased 44% over 2019,4 — an additional $105 billion — to reach $840 billion in annual sales. That's a level not originally expected until 2022.5

How fraudsters exploit e-commerce: payment fraud

In the flood of increased sales transactions, scammers hope to slip by undetected. Sixty-eight percent of anti-fraud professionals noticed an increase in payment fraud last year.6 Criminals use stolen or fraudulent information and unauthorized credit cards, gift cards, and digital wallets (PayPal®, Apple Pay®, Google Pay ®, Samsung Pay®) to make their bogus purchases, leaving businesses with the bill.

The e-commerce boon not only gives fraudsters more transactions in which to hide, but also introduces more e-commerce "newbies." These inexperienced consumers and businesses are often less aware of, thus more vulnerable to, the channel's potential security risks.

How to protect against payment fraud:

• Pay close attention to the dollar amount of the transactions. The average fraudulent transaction is three times greater than that of a legitimate transaction.
• Consider activating a fraud protection platform, like Address Verification Services, to confirm a cardholder’s billing address with the respective card issuer.
• Look out for orders that use payment types other than credit cards. Contact the buyer for information if something looks suspicious.7

Condition 2: Broad availability of federal financial assistance

To quickly provide emergency relief to businesses struggling due to economic conditions of the outbreak, the federal government passed multiple financial assistance bills, including the Small Business Association's (SBA) Economic Injury Disaster Loan Program and Paycheck Protection Program (PPP). Sixty-two percent of businesses received aid, including more than 5.2 million individual PPP loans of more than $525 billion.8 Application, processing and distribution of the extraordinary funding amounts took place in relatively record time to offset pandemic conditions.

How fraudsters exploit federal financial assistance: identity theft

The extraordinary numbers of recipients, combined with relatively minimal oversight of applicants, created an irresistible opportunity for fraudsters to exploit the system to receive "free money" for their own their personal gain. Tactics often included stealing the identity of a legitimate business. Criminals also use publicly available information about PPP recipients to pose as a lender requesting further details about loan applications or forgiveness to scam businesses out of sensitive information.

The high number of shuttered or dormant businesses also provides more and easier targets for business identity theft. Many companies are operating with reduced, overworked, or distracted staff, or without other resources that might otherwise help keep identity thieves at bay. This makes it easy for criminals to steal sensitive business information and use it to fraudulently apply for a federal PPP loan.

How to protect against identity theft:

• Start your search for pandemic financial assistance directly with a local financial institution or the Small Business Association website (sba.gov).
• When considering working with a new company, get its Dun & Bradstreet9 Number so you can check its credit history.
• Check your business registration details and credit report regularly or freeze your credit. Dun & Bradstreet offers free credit monitoring for businesses.10

Condition 3: Increased security risks from remote work

During the pandemic, nearly one-third of companies increased teleworking opportunities for employees.11 Forty-four percent of the U.S. workforce now works from home five days or more per week, compared with only 17% pre-COVID.12 Forced to rapidly pivot to enable employees to work from home, many businesses relaxed information security protocols and rushed the adoption of data systems that would’ve otherwise been extensively evaluated. This left business networks wide open to fraudsters.

How fraudsters exploit remote work: cyber fraud and business email compromise (BEC)

While technology makes it easier for remote employees to perform their duties and stay connected, teleworking also increases security challenges. The COVID-19 contagion further escalated cyber fraud, as customers, businesses and employees quickly adjusted to new technologies, a virtual gift to hackers.

Cyber fraud, including phishing and malicious software, are the activities in which most anti-fraud professionals noticed the largest increases. Seventy-four percent of organizations experienced a successful phishing attack last year, representing a 14% increase year-over-year.13 Phishing can take several forms, including impersonating a legitimate user and creating a fake website to capture login details or customer information.

Malicious actors use email to trick victims into transferring funds or data to the criminal's account. BEC involves sending a fraudulent email from a source that appears to be familiar — vendor, bank, merchant, or high-level employee — requesting an urgent wire transfer.

The FBI received more than 19,000 complaints of BEC last year, which cost victims nearly $1.8 billion.14 Criminals continue to adjust their social engineering techniques to pry their way into business payment systems.

How to protect against cyber fraud and BEC:

• Employees are your first line of defense against cyberattacks. Educate them, with continuous reminders that it only takes "one wrong click" to give fraudsters access.
• Be careful when sharing company information. Know who you’re talking to.
• Strengthen your remote access management policy and procedures. Implement multi-factor authentication for VPN access, IP address whitelisting, limits on remote desktop protocol access and remote network monitoring.
• Plan your response to a phishing attack. Know who you'll contact and how you'll contain the fallout before it happens.
• Be skeptical of unexplained, last-minute, or urgent changes in wire instructions or deposit information, including senders who insist on communications in email only.
• Verify any request for changes via the contact on file instead of using the information provided in the email received.
• Use two-factor authentication to verify any change to account information or wire instructions.

The financial impact of fraud against businesses is significant. The typical organization loses five percent of its revenue to theft, but the effects ripple beyond just monetary loss.15 Fraud can tarnish a company's brand, erode reputation and consumer trust, and lower employee morale. Companies must protect themselves with increased awareness, employee education and vigilance.

Contact Synovus Treasury and Payment Solutions, your Treasury Consultant, or Relationship Manager to see how Synovus can help.

More reading on this topic:

Cyber Check-up: Are You Protected Against Ransomware?

Employee Theft: The Whys and Hows