In the last four years there has been a sharp increase in the number of small businesess impacted by ACH fraud. This can take a number of forms and, since it involves email and online bank access, has involved IT. Several GCS clients have been affected. One type of the fraud goes like this:
- Send an email to the controller/CFO of the firm with a link to click.
- Controller/CFO clicks link and infects their computer with a virus that logs all keystrokes, including your bank account password.
- The attacker then uses the virus to login to your bank account from your computer.
- Transfer money to Eastern Europe, Asia, or elsewhere.
- Money is GONE.
Unlike credit card fraud which offers consumer protection guarantees, the losses from ACH fraud are born exclusively by the victim. Most banks have been very reluctant to offset these losses.
What can you do now:
- If you suspect fraud contact your bank immediately. Frequently a portion of the funds can be recovered.
- Contact the FBI next. If it the attack originated from outside the country there is little that can be done but it might make you feel better. The FBI can ensure that it was an external hack and not employee fraud.
What you should do to prevent this problem:
- Work with your bank to enable high security features such as dual factor authentication, ACH transfer limitations, and more.
- Talk to you insurance provider about policies designed to insure against these, and many other, attacks.
- Limit access to the bank account to a hardened computer that is not used for daily business.
GCS can help protect your business from this and other types of attacks.