If your company makes payments or moves money, there’s a good chance cybercriminals may target your business at some point in the near future. The more you know about today’s popular fraud techniques—and the best ways to protect your people and your systems—the better prepared you’ll be.
Test your fraud prevention knowledge with these true or false situations.
False. In fact, last year set a record for the most publicly disclosed security compromises. More than 3,200 incidents were reported in 2023—up 43 percent compared to 2022. According to the latest AFP survey, 80 percent of organizations admitted being targets of actual or attempted payments fraud in 2023. Businesses of all sizes, all industries, can be at risk, so it’s best to stay connected to current knowledge and be vigilant across your organization.
True. Cybercriminals are leveraging Gen AI to automate their tactics, scale up the frequency of attacks, and dramatically improve quality. For example, it’s no longer enough to look for sloppy grammar, bad pronunciation, and poorly designed websites as markers of fraud attempts. With Gen AI, fraudsters can produce sophisticated phishing emails and deceptive text messages, as well as realistic deepfake calls and videos that impersonate trusted sources. These attackers know that employees are more likely to process a fraudulent payment if they think the request comes from their boss, a colleague, a supplier, or the CFO.
False. Paper checks—especially those delivered through the mail—remain the payment method most susceptible to fraud. In 2023, 65 percent of organizations experienced actual or attempted check fraud; 20 percent reported interference with U.S. mail as criminals try and obtain paper checks—up 10 points from the previous year’s survey.
Checks may be the most common target, but digital payment methods are not immune from fraud. It’s vital to protect ACH credits and debits, wire transfers, and instant payment methods from fraud as well.
False. People are actually one of the most vulnerable entry points targeted by criminals. Even well-intentioned staff and suppliers can fall victim to fraudsters’ schemes, often when they’re in a hurry, under pressure, or distracted at work.
In a recent survey on phishing, 7 out of 10 employees admitted to taking a risky action last year, such as reusing a password for multiple sites, or accessing company systems on a public wifi network rather than a secure VPN. Fraudsters love to find and exploit these opportunities, making ongoing employee training essential.
True. Communications from fraudsters often try to trick employees into changing payment instructions, making bogus payments, providing bank account details, or sharing their credentials. When the phone rings or an email arrives with this type of request, remind employees to pause, double-check, and follow procedure. Dual controls on payments, where one employee acts as requestor and a second as approver, can also help reduce your risk.
True. Robust controls help protect your people and your systems. If cybercriminals do manage to obtain a password or account credential, for example, strong controls can help limit your risk. Remember to extend your security protocols beyond your company employees to key suppliers, customers, and trading partners who may access your network and systems.
True. Consider how often employees conduct business activities on their mobile phones, tablets, and devices, and from remote or hybrid environments. All these situations can become vulnerable entry points for cybercriminals if not well controlled. To reduce your risk, make sure staff connect securely when using their mobile phones and devices; caution employees not to share files or information via text messages or apps.
True. Most providers issue updates regularly, with many designed specifically to keep bad actors from finding loopholes and backdoors into your systems. Delays in loading these updates, however, can increase your fraud risk. One of the easiest ways to protect your company’s systems is by installing updates, patches, and versions on schedule. Assign dedicated resources and set up monitoring and alerts to find outdated programs. Remind employees to keep their mobile phones and devices current if they connect to your company network or systems.
True. Organizations that take a proactive approach can respond and recover quickly, should a fraud attempt occur. Start by convening your internal team, identifying potential vulnerabilities or “what if?” scenarios, and determining how to respond. Then test your employees and your systems with realistic drills at least once a year. Use your learnings to continually improve your defenses.
Just as technology and payment methods continue to evolve, so does cybercrime. Fraudsters are masters at adapting and innovating their techniques. Making fraud prevention an ongoing priority will help limit your risk and protect what matters most to your organization.
Identity Theft Resource Center, “2023 Data Breach Report”
AFP, “2024 AFP® Payments Fraud and Control Survey Report”
Proofpoint, “State of the Phish” Survey, 2023
Global Treasury Management products and services are provided by Wells Fargo Bank, N.A. Wells Fargo Bank, N.A. is a bank affiliate of Wells Fargo & Company. Wells Fargo Bank, N.A. is not liable or responsible for obligations of its affiliates.
Deposits held in non-U.S. branches, subsidiaries or affiliates are not FDIC or CDIC insured. Deposit products offered by Wells Fargo Bank, N.A. Member FDIC.
Wells Fargo provides best practice information related to cyber risk and/or topics for educational and information purposes only. This document is not intended to and should not be relied on to address every aspect of the risks discussed herein. The information provided in this document is for the purpose of helping customers and clients better protect themselves from cyber risk and highlight industry best practices for operating in a more secure manner. This document does not provide a complete list of all cyber threats or risk mitigation activities, nor does it document all types of best practices. Wells Fargo is not providing cyber-related advice or consulting services and customers and clients should decide whether to engage a cybersecurity firm for specific questions or advice. It is the responsibility of our customers and clients to determine their best approach for mitigating cybersecurity risk through implementation of best practice aligned to the level of risk.
Wells Fargo Bank, N.A. Member FDIC.
TM-3298 RO-3630366
LRC-0624
Sign On