Understanding and Protecting Your Business from Organized Crime

Organized crime has a level of sophistication, structure, self-identification and a reputation or authority that many other criminal networks lack. It functions based on a centralized, controlled authority, which is vested in either the hands of one individual or a few members. Organized crime poses a significant and growing threat to national and international security in today’s business world. Due to the COVID-19 pandemic, many cash-short small businesses needed financial assistance. By the time the government stepped in and provided aid, it was too late for many small businesses, and, for those that were helped, the grants didn’t relieve the cash shortfall. This resulted in many opportunities for organized crime enterprises to infiltrate the corporate world.

Common Schemes:

Organized crimes have many ways of introducing themselves to your business, so look out for these common schemes seen recently:

Authorized Clearing House (ACH) Fraud: There are many different types of ACH Fraud.

• • Due to the lack of internal controls and verification processes, criminal organizations can gain backdoor access to customer credentials and can submit an unauthorized ACH transaction under the same name using a fake email and quickly withdraw the funds.
  • Overpayment scams are when fraudsters pose as trusted vendors stating that the agreed-upon amount is overstated and insist that the overpayments be wired back to them, leaving you liable for the entire amount.
  • An employee receives an email or phone call from a fraudster posing as a trusted vendor requesting a change in payment instructions. Without any due diligence and validation process to confirm the request, the employee transfers the funds to the fraudster’s bank account.

Email Hacking: There are numerous amounts of helpful ways to prevent hacking of emails and servers.

• • Phishing is the most common use for hacking. It is done by sending emails that look legitimate that direct the recipient to a fake website and has them enter their credentials to “verify” information. Or they provide a link that has a download or something that looks legitimate but is malware.
  • A man-in-the-middle (MITM) attack is when a hacker positions themselves in a communication between a user and an application, either to eavesdrop or to impersonate one of the parties, allowing them to intercept the information.
  • Password guessing is a simple, but well-used, way to gain access to an account

Extortionate Loans: Instead of seeking any form of financial assistance, contact banks that you do business with, your credit card company and alternative lenders. Although, they may require a higher credit score and extensive financial documentation to underwrite the loan.

Government Loan “Partnerships:” The group may offer to facilitate quick access to government funds disbursed via financial institutions. They accomplish this by corrupting a bank loan by paying the employees at the bank to quickly rubber stamp and approve the disbursement. In return for this, they require a portion of the loan proceeds.

How to Avoid These Schemes?

Authorized Clearing House (ACH) Fraud: There are many ways to help assist in preventing it.

• • ALWAYS call the vendor, business partner or colleague directly to verify the payment information. Never initiate any major payments over email without confirming the payments.
  • Create a two-factor authentication where the transactions must be cleared by two people in the company.
  • Set up authorization blocks such as an Ach block, which will request authorization for every ACH transfer being passed on a checking account.
  • Double-check the email address of every confirmation. Many fraudulent emails come from an email address that is similar to a real one BUT have a 1-2 letter difference.
    • Real Vendor: something@gmail.com
    • Fake Vendor: somethings@com (The difference is there’s an extra “s”)

Email Hacking: There are numerous amounts of helpful ways to prevent hacking of emails and servers.

• • Use a firewall – The more steps that are in the way to prevent hackers, the better. A more intense firewall will help create more procedures to get through.
  • Install Antivirus Software – This may be an extra expense that not everyone can afford but is a good investment to keep your company information protected and free from accidental clicks and downloads.
  • Install an Anti-Spyware – Another extra expense that might be more costly. However, is very effective in preventing MITM.
  • Use complex passwords – Make sure you are updating your passwords frequently and, if possible, add a two-factor authenticator to be even safer. A more updated and complex password allows for a more secure email.

Extortionate Loans: Instead of seeking any form of financial assistance, contact banks that you do business with, your credit card company and alternative lenders. Although, they may require a higher credit score and extensive financial documentation to underwrite the loan.

Government Loan “Partnerships:” Remember the government is a slow-crawling entity and that it takes time for aid. During COVID-19, the time was shortened drastically to only 10 days. Attempt to forecast your current business standing, understand the economic standings and apply for loans for relief before they become a necessity.

Things to Consider:

A financial crisis or social emergency may aid criminals and fraudsters and keeping a rational and logical thought process is better when operating your business. You may be tempted by the easy capital offered by these shady perpetrators. But, given the potential repercussions to you and your business, better options are always available that might take a little more time. Make sure to take the time to read the emails of vendors and confirm with any big purchase or payment.

As technology and technology skills continue to evolve, there are always new ways for fraudsters to steal important data, money and assets from a business. The worst thing any small business can do is nothing. It’s essential to shore up your technology and train your team.

Contributing Author: Sean T. Daughton, CPA, CFE, is an audit partner with over 26 years of experience providing audit and advisory services to a variety of clients, including automotive dealers, manufacturers and retail corporations. For more information on this topic, you may contact Sean at sdaughton@dmcpas.com or (315) 472-9127.