Fund transfer fraud: Small business equals big target

The ‘low-tech’ cybercrime saw big increases in losses and frequency among operations with less than $25M in annual revenue.

(Photo: Shutterstock)

Overall fund transfer fraud (FTF) losses increased 69% from 2020-2021, according to claims data from Coalition, Inc. The frequency of these cybercrimes grew 21% for companies with less than $25 million in annual revenue and 68% for those with $25 million-$100 million in revenue during the period.

Typically initiated through social engineering tactics such as phishing and business email compromise, FTF is one of the easier ways to monetize a cyberattack, the insurance company wrote in its 2022 Cyber Claims Report. Once they have access to a business email, hackers can manipulate contracts or modify payment instructions at times without even triggering security alerts. Cybercriminals are also sending payment instructions that purport to come from customers or vendors either through spoof accounts made to look legit or by comprising the third party’s email system.

Related: ”Shields Up”: Ukraine war raises threat of Russian cyberattacks

During the first half of 2021, Coalition saw a surge of these attacks and initial FTF losses reached an average of $388,000 (before accounting for recovered funds). In the second half, the initial loss average did temper some as it dropped 11% to $347,000. However, that was still 78% above initial loss averages from 2020.

Why small business?

This trend became more pronounced for small businesses (less than $25 million in revenue) as these organizations saw initial FTF losses increase by 102% in the second half of 2021, according to Coalition. These businesses also saw a spike in FTF frequency during the period, growing 54% compared with 2021’s first half.

Overall, small businesses saw a 54% increase in FTF during 2021 as well as a 40% increase in ransomware attacks, according to Coalition, which reported that automation of cyberattacks has made it easier and more profitable for hackers to target small businesses. In 2021, Coalition’s overall claims severity rose 56% for these types of organizations.

Small businesses typically have less digital infrastructure and data, leaving hackers with less leverage during a ransomware negotiation, according to the company, resulting in more FTF.

Steps to recover from FTF

The most critical factor to bouncing back from FTF is to act as soon as possible, according to Coalition. In addition, the cyber insurer recommends taking the following six steps:

  1. Notify a claims team as soon the fraud is detected. Coalition reported within 48-72 hours is ideal.
  2. Alert your bank immediately of the fraudulent transaction and request a reversal of the transfer.
  3. File a report with the FBI’s Internet Crime Complaint Center.
  4. File a report with local law enforcement.
  5. Follow up repeatedly on the status of the recovery with the bank that transferred and the bank that received the funds.
  6. Institute multifactor authentication and host cybersecurity education programs for employees to reduce the chance of a business email compromise or other types of cyberattack.

READ MORE: