Risks of fraud lurk around businesses of all types and sizes, according to Greg Gatzke, president of ZAG Technical Services, Inc., a San Jose, CA-based IT consulting firm and managed services provider.
He describes a trio of cybercrime attack routes every business should be prepared for.
“Organizations, whether they’re produce companies, retailers, or transportation companies, are currently being hit through three main paths,” Gatzke says.
The first is automated clearinghouse or ACH fraud. “This is done with spear-phishing attacks where criminals pose as suppliers and work to get companies to redirect payments to criminal bank accounts,” he explains.
“For instance, if the supplier uses a domain of realcompany.com, the criminals may set up a realcornpany.com (note the ‘m’ in the second one is actually an ‘r’ and an ‘n’) and then use those emails to get the company to redirect payments for product and supplies.”
These attacks can rake in large sums of money, from $10,000 to more than $100,000, Gatzke notes.
Blue Book Services, Inc. is aware of a similarly themed financial scam involving fake bank information.
“Unfortunately, we’re seeing more occurrences of this type of fraud,” notes Marco Campos, a claims analyst with Blue Book.
He cites a recent example involving an emailed invoice and payment instructions. A supplier sold and shipped a load of produce to a buyer, and the buyer received the payment instructions soon after the transaction.
Hackers had created a similar email address to the supplier’s and sent updated banking information to the buyer. The buyer followed the new instructions and paid the invoice.
When the supplier followed up with the buyer, the buyer claimed the invoice was already paid, with funds sent via electronic funds transfer. The funds did go to a bank account, just not one belonging to the supplier.
“Scammers either attempt to duplicate an email from a company or hack into its email to send fake invoices and banking instructions,” Campos explains. “The funds then go to the scammer’s bank account and disappear soon after.”
By the time the buyer and/or shipper figures out the scenario, the funds are usually long gone.
A way to prevent such financial fraud is to always verify payment instructions, especially if they’re new or different, by contacting the company and/or individual who supposedly sent the email—by phone, since the email account may be compromised.
Gatzke agrees. “Don’t use the number on the email asking for the change; verify to ensure this isn’t a criminal attack.”
This an excerpt from a feature story in the March/April 2022 issue of Produce Blueprints Magazine. Click here to read the whole issue.