Fraud Protection Checklist

Fraud Prevention For Your Business

Avoid free, web-based email accounts.
Monitor content on corporate social media accounts, particularly job duties/descriptions, hierarchal information and out-of-office details.
Raise suspicion about a request for secrecy or pressure to take action quickly.
Flagging any request from vendors, suppliers, or customers involving payments that suddenly change instructions, such as asking to route email through a personal email address or payments to a different bank account.
Consider additional IT and financial security procedures, including two-step verification.
- Out-of-band communication
- Digital signatures – don’t work with web-based email accounts.
- Delete spam
- Forward vs. reply
- Two-factor authentication for corporate email accounts.
Enact rules that flag emails with extensions similar to company email.
Register ALL company domains that are slight variations of your actual company domain.
Verify changes in vendor payments by adding two-factor authentication, such as a secondary sign-off outside email from specially designated personnel.
Confirm requests for funds transfers using a method such as a phone call to a phone number in your system, other than email.
Pay attention to your customers’ routines, including the details and amount of payments.
Scrutinize all emailed fund transfers.

Always verify the authenticity of the payment request. Call back the person who is requesting the payment from a known phone number.
Implement a call-back verification process when setting up payment instructions for a new vendor or making changes to payment instructions for an existing vendor.
Implement dual control and segregation of duties.
Education is key! Understanding email scams and educating your employees is critical in protecting your financial assets.
Test your fraud health.
Implement a cybersecurity policy and review it often.
Review your business insurance policy. Does it cover financial losses due to cybersecurity fraud?