The holiday season presents a unique opportunity for fraudsters to rain on your holiday cheer. Here are the most common ways fraudsters will try and abscond with your organization’s money, and how you can protect it.

Vendor Impostor Fraud:

Criminals are targeting payments to vendors at historically high rates. The year 2023 marked an all-time high for ACH credits being targeted by fraudsters, and the first time that ACH credit fraud attempts surpassed wire transfer fraud attempts.1

While business email compromise (BEC) is still the standard method for thieves to initiate vendor impostor fraud, the increased accessibility of deep-fake technology has enabled a next-level threat. Inbound phone calls should be closely scrutinized, as fraudsters can mimic the voice of a contact at your trusted supplier and call to request a change of payment information. The best ways to counteract vendor impostor fraud are to require call-backs to known vendor phone numbers and dual approval of any change in vendor payment and contact information.

Executive Impostor Fraud:

A spoofed email from an executive to an employee with funds transfer capabilities is typically how this type of fraud begins. The email appears to be from an executive, contains a sense of urgency and emphasizes the need for secrecy. Many examples ask for the urgent initiation of a wire transfer to finalize an acquisition or a major asset purchase. Social media posts can tip fraudsters off to holiday travel; making the short, time-sensitive emails seem more legitimate. Although fraudsters are getting better at mimicking executives, these attempts can be identified by closely checking the sender’s email address for extra or missing characters, as well as requiring dual-approval for funds transfers and maintaining an organizational culture that empowers staff to question executives whenever something doesn’t feel right. Being cautious with social media posts about holiday travel and closely guarding organizational hierarchies can also help mitigate executive impostor fraud.

In more sophisticated attempts, the fraudsters gain access to a company’s email accounts, typically through phishing attempts. These are more difficult to identify because the sending email account is actually the executive’s account. Once inside your email system, cyber thieves also have access to calendars, email history and other contact information. With this, the criminals can mimic tone and diction to sound more legitimate to the receiver. They can also use calendar details to identify the perfect time to strike. The most sophisticated attempts now leverage deep-fake technology to mimic the voice of an executive in a phone, or even a video call.

Sending phishing tests, training your staff and maintaining a culture of cautious skepticism are the most effective ways to catch and prevent executive impostor fraud. Requiring at least one approver for outgoing funds transfers also defrays the risk of being victimized.

Check Fraud Remains the Top Target:

Of the organizations surveyed for the 2024 Payments Fraud and Control Survey Report, 65% reported that they were targeted for check fraud.  Multiple companies reported entire batches of checks that were intercepted from the mail and presented with altered payees. Positive Pay with Payee Match remains the most adopted method to mitigate risk against check fraud schemes. Implementing a strategy to reduce or even eliminate checks as a form of payment prove to be the most effective ways to eliminate check fraud risk altogether. ACH, Immediate Payments, and Commercial Card may be used to not only reduce payment cost, increase cash on hand, and simplify account reconciliation but, also to eliminate check fraud risk so you can focus on your businesses growth.

Being diligent about payment security with set procedures to ensure authentication before a payment is made goes a long way to protecting against these known tactics. This holiday season, make sure you give yourself the gift of peace of mind knowing that you have taken an active role in protecting your business against fraud.